Information Disclosure Vulnerability in Microsoft XML Core Services
CVE-2014-1816

Currently unrated

Key Information:

Vendor: Microsoft
Status: Xml Core Services
Vendor: CVE Published:; 11 June 2014

Summary

Microsoft XML Core Services versions 3.0 and 6.0 have a vulnerability that allows remote attackers to exploit a flaw in the download process used by Internet Explorer. This oversight permits the discovery of full pathnames of files on the client system as well as local usernames embedded within these pathnames. Attackers can use specially crafted websites to exploit this vulnerability, leading to unintentional information exposure for users.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/67895

vdb-entryx_refsource_BID

http://blogs.technet.com/b/srd/archive/2014/06/10/assessi...

x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 11, 2014
Vulnerability Reserved
Jan 29, 2014