PT-2019-1637 · Microsoft · Msxml+1

Yuki Chen

Published

2019-03-12

Updated

2019-04-10

CVE-2019-0756

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft XML Core Services MSXML (affected versions not specified)

Description A remote code execution issue exists due to the MSXML parser's handling of user input. This allows remote attackers to execute arbitrary code and potentially gain control over the system. The vulnerability is related to unsafe privilege management in the Microsoft XML Core Services MSXML component of the Windows operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

XXE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611CWE-269

Related Identifiers

BDU:2019-01185

CVE-2019-0756

Affected Products

Msxml

Windows

PT-2019-1637 · Microsoft · Msxml+1

CVE-2019-0756

Weakness Enumeration

Related Identifiers

Affected Products

References · 7