PT-2019-3039 · Microsoft · Msxml+2

Yuki Chen · Published 2019-08-13 · Updated 2026-02-20 · CVE-2019-1057

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft XML Core Services MSXML (affected versions not specified)

Description

A remote code execution issue exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploits this issue could run malicious code remotely to take control of the user’s system. To exploit the issue, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

RCE

XXE

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2019-03021
CVE-2019-1057

Affected Products

Internet Explorer
Msxml
Windows