PT-2015-5746 · Microsoft · Xml Core Services+1

Published

2015-08-11

Updated

2018-10-12

CVE-2015-2434

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft XML Core Services versions 3.0 and 5.0

Description The issue allows remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack. This is due to Microsoft XML Core Services explicitly allowing the use of Secure Sockets Layer (SSL) 2.0, which makes it easier for attackers to decrypt portions of encrypted network information traffic.

Recommendations For Microsoft XML Core Services versions 3.0 and 5.0, consider disabling the use of SSL 2.0 to minimize the risk of exploitation. As a temporary workaround, restrict the use of MSXML to minimize the risk of information disclosure until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-310

Related Identifiers

CVE-2015-2434

Affected Products

Xml Core Services

Office

PT-2015-5746 · Microsoft · Xml Core Services+1

CVE-2015-2434

Weakness Enumeration

Related Identifiers

Affected Products

References · 5