Multiple vulnerabilities in Microsoft XML Core Services

Published: 2019-04-10 02:34:46 | Updated: 2019-04-10
Severity High
Patch available YES
Number of vulnerabilities 5
CVE ID CVE-2019-0790
CVE-2019-0791
CVE-2019-0792
CVE-2019-0793
CVE-2019-0795
CVSSv3 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 8.1
Windows 10
Windows RT 8.1

Show more

Windows Server 2012
Windows Server 2012 R2
Windows Server 2016

Show more

Vendor URL Microsoft

Security Advisory

1) Input validation error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system

The vulnerability exists due to insufficient validation of user-supplied input within the the Microsoft XML Core Services MSXML parser. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0790

2) Input validation error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system

The vulnerability exists due to insufficient validation of user-supplied input within the the Microsoft XML Core Services MSXML parser. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0791

3) Input validation error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system

The vulnerability exists due to insufficient validation of user-supplied input within the the Microsoft XML Core Services MSXML parser. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0792

4) Input validation error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system

The vulnerability exists due to insufficient validation of user-supplied input within the the Microsoft XML Core Services MSXML parser. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0793

5) Input validation error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system

The vulnerability exists due to insufficient validation of user-supplied input within the the Microsoft XML Core Services MSXML parser. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0795

Back to List