XML Parsing Issue in Microsoft XML Core Services Affects Multiple Versions
CVE-2013-0006

Currently unrated

Key Information:

Vendor: Microsoft
Status: Xml Core Services; Windows 7; Windows 8; Windows Server 2003
Vendor: CVE Published:; 9 January 2013

Summary

Microsoft XML Core Services versions 3.0, 5.0, and 6.0 contain a vulnerability related to improper XML content parsing. This flaw can be exploited by remote attackers to execute arbitrary code through specially crafted web pages. Proper mitigation and updates are necessary to safeguard against potential exploits.

References

http://www.us-cert.gov/cas/techalerts/TA13-008A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 9, 2013
Vulnerability Reserved
Nov 27, 2012