Описание
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
Ссылки
- Broken Link
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party Advisory
- Broken Link
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:*:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:gold:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:itanium:*
Конфигурация 3
Одновременно
cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*
Одно из
cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_groove_server:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_sharepoint_server:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.68203
Средний
9.3 Critical
CVSS2
Дефекты
CWE-119
Связанные уязвимости
github
почти 4 года назад
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
EPSS
Процентиль: 99%
0.68203
Средний
9.3 Critical
CVSS2
Дефекты
CWE-119