CVE-2015-2440

Name of the Vulnerable Software and Affected Versions Microsoft XML Core Services versions 3.0 through 6.0

Description An information disclosure issue exists when Microsoft XML Core Services exposes memory addresses not intended for public disclosure. This could allow an attacker to bypass Address Space Layout Randomization (ASLR) and potentially read private data. The issue does not allow an attacker to execute code or elevate user rights directly but could be used to obtain information to further compromise the affected system.

Recommendations For Microsoft XML Core Services versions 3.0 through 6.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.