Information Disclosure Vulnerability in Microsoft XML Core Services
CVE-2014-0266

Currently unrated

Key Information:

Vendor

Microsoft
Status
Windows Xp
Windows Server 2008
Windows Server 2012
Windows Rt
Vendor
CVE Published:
12 February 2014

What is CVE-2014-0266?

The vulnerability exists within the XMLHTTP ActiveX controls in Microsoft XML Core Services, where improper enforcement of the Same Origin Policy allows remote attackers to gain access to sensitive data. By crafting a malicious web page that exploits this weakness, attackers can retrieve data from a different origin, potentially leading to unauthorized disclosure of information. This affects a broad range of Windows operating systems, making it crucial for users and administrators to apply the relevant security updates.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://osvdb.org/103189
vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/56771
third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id/1029746
vdb-entryx_refsource_SECTRACK

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.