CyberSec.Space Logo
Back to CVE Browser

CVE-2013-0007

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile10.52th
PublishedJan 9, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Xml Core Services

= 3.0
πŸ“¦
Microsoft

Xml Core Services

= 4.0
πŸ“¦
Microsoft

Xml Core Services

= 6.0
πŸ’»
Microsoft

Windows 7

All versions
πŸ’»
Microsoft

Windows 7

All versions
πŸ’»
Microsoft

Windows 8

All versions
πŸ’»
Microsoft

Windows Server 2003

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

= r2
πŸ’»
Microsoft

Windows Server 2012

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Xp

All versions
πŸ’»
Microsoft

Windows Rt

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Xp

All versions
πŸ“¦
Microsoft

Xml Core Services

= 5.0
πŸ“¦
Microsoft

Expression Web

All versions
πŸ“¦
Microsoft

Expression Web

= 2
πŸ“¦
Microsoft

Groove Server

= 2007
πŸ“¦
Microsoft

Groove Server

= 2007
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office Compatibility Pack

All versions
πŸ“¦
Microsoft

Office Compatibility Pack

All versions
πŸ“¦
Microsoft

Sharepoint Server

= 2007
πŸ“¦
Microsoft

Sharepoint Server

= 2007
πŸ“¦
Microsoft

Word Viewer

All versions

References & Advisories

πŸ”— http://www.us-cert.gov/cas/techalerts/TA13-008A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458
πŸ”— http://www.us-cert.gov/cas/techalerts/TA13-008A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458

Related Vulnerabilities

CVE-2007-22239.3

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method...

CVE-2010-25619.3

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbi...

CVE-2007-00999.3

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, all...

CVE-2014-41189.3

XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win...