Information Disclosure Vulnerability in Microsoft XML Core Services 3.0 and 5.0
CVE-2015-2434

Currently unrated

Key Information:

Vendor: Microsoft
Status: Xml Core Services
Vendor: CVE Published:; 15 August 2015

Summary

Microsoft XML Core Services 3.0 and 5.0 are vulnerable due to the support for SSL 2.0, which can expose systems to attackers capable of intercepting network traffic. This can lead to unauthorized disclosure of sensitive information by facilitating network sniffing and decryption attacks. It is crucial for organizations to mitigate this risk by disabling SSL 2.0 and applying the latest security updates provided by Microsoft.

References

http://www.securitytracker.com/id/1033241

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 15, 2015
Vulnerability Reserved
Mar 19, 2015