XML Parsing Vulnerability in Microsoft XML Core Services
CVE-2013-0007

Currently unrated

Key Information:

Vendor: Microsoft
Status: Xml Core Services; Windows 7; Windows 8; Windows Server 2003
Vendor: CVE Published:; 9 January 2013

Summary

The vulnerability in Microsoft XML Core Services pertains to improper XML content parsing in versions 4.0, 5.0, and 6.0. This flaw enables remote attackers to execute arbitrary code through a specially crafted web page. The security implications are significant, as it can lead to unauthorized access or system compromise. Secure your environment by ensuring you have the latest updates and patches applied to your MSXML installations.

References

http://www.us-cert.gov/cas/techalerts/TA13-008A.html

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 9, 2013
Vulnerability Reserved
Nov 27, 2012