PT-2013-2058 · Microsoft · Xml Core Services+2
Published
2013-01-09
·
Updated
2023-12-07
·
CVE-2013-0007
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft XML Core Services versions 4.0 through 6.0
Description
A remote code execution issue exists due to improper parsing of XML content, allowing attackers to execute arbitrary code via a crafted web page. This may corrupt memory, enabling an attacker to execute code in the context of the current user.
Recommendations
For Microsoft XML Core Services versions 4.0 through 6.0, update to a version that properly parses XML content to prevent remote code execution.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xml Core Services
Office
Sharepoint Server