CyberSec.Space Logo
Back to CVE Browser

CVE-2010-2561

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile38.77th
PublishedAug 11, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Xml Core Services

= 3.0

References & Advisories

πŸ”— http://www.us-cert.gov/cas/techalerts/TA10-222A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-051
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11730
πŸ”— http://www.us-cert.gov/cas/techalerts/TA10-222A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-051
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11730

Related Vulnerabilities

CVE-2007-22239.3

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method...

CVE-2013-00079.3

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to ex...

CVE-2007-00999.3

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, all...

CVE-2014-41189.3

XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win...