Download
| Alert*
oval:org.mitre.oval:def:104
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a differen ... oval:org.secpod.oval:def:17436 Microsoft XML Core Services 4.0 SP2 is installed. oval:org.mitre.oval:def:285 Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page. oval:org.mitre.oval:def:221 The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. oval:org.mitre.oval:def:5847 Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as ... oval:org.secpod.oval:def:2670 The host is missing a critical security update according to Microsoft security bulletin, MS08-069. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft XML Core Services, which fails to handle a specially crafted Web page. Successful exploitation co ... oval:org.mitre.oval:def:5999 Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulne ... oval:org.mitre.oval:def:2069 Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. |