Information Disclosure Vulnerability in Microsoft XML Core Services
CVE-2015-2440

Currently unrated

Key Information:

Vendor: Microsoft
Status: Xml Core Services
Vendor: CVE Published:; 15 August 2015

What is CVE-2015-2440?

Microsoft XML Core Services versions 3.0, 5.0, and 6.0 are susceptible to an information disclosure vulnerability. Attackers can exploit this weakness by crafting malicious websites that, when visited, may allow unauthorized access to sensitive information. This vulnerability circumvents the Address Space Layout Randomization (ASLR) protection mechanism, putting users at risk. It is crucial for users and administrators to implement the latest security updates from Microsoft to mitigate potential threats linked to this vulnerability.

References

http://www.securitytracker.com/id/1033241

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/76232

vdb-entryx_refsource_BID

http://www.zerodayinitiative.com/advisories/ZDI-15-381

x_refsource_MISC

EPSS Score

17% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2015
Vulnerability Reserved
Mar 19, 2015