PT-2015-1068 · Microsoft · Windows+1

Published 2015-04-14 · Updated 2018-10-12 · CVE-2015-1646

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft XML Core Services (aka MSXML) 3.0

Description

The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD. This vulnerability is related to a component of the Windows operating system, specifically XML Core Services, and is associated with the possibility of cross-domain access to data when declaring document types. This enables attackers to access confidential user data, such as names, passwords, or files on the hard drive.

Recommendations

For Microsoft XML Core Services (aka MSXML) 3.0, consider disabling the use of crafted DTDs as a temporary workaround until a patch is available. Restrict access to sensitive user data to minimize the risk of exploitation. Avoid using MSXML 3.0 for processing untrusted XML documents until the issue is resolved.

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-09928
CVE-2015-1646

Affected Products

Xml Core Services
Windows