vendor: XML Core Services
by: SecurityFocus
CVSS: 9.3 (HIGH)
CWE: 190 (Integer Overflow)
Product Name: XML Core Services
Affected Version From: 3
Affected Version To: 6
Patch Exists: YES
Related CWE: CVE-2007-0038
CPE: a:microsoft:xml_core_services
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2007
Microsoft XML Core Services Integer Overflow Vulnerability
Microsoft XML Core Services (MSXML) is prone to an integer-overflow vulnerability because the application fails to ensure that integer values do not overflow. Attackers can exploit this issue by enticing unsuspecting users to view malicious web content: specially crafted scripts could issue requests to MSXML that trigger memory corruption. Successful exploitation allows remote attackers to corrupt heap memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Mitigation:
Users should exercise caution when viewing untrusted web content and should apply the latest security patches to help mitigate the risk of exploitation.