CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2013-0007

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile10.52th
Published2013年1月9日
Last Modified2026年4月29日

Vulnerability Description

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

Affected Platforms (CPE)

📦
Microsoft

Xml Core Services

= 3.0
📦
Microsoft

Xml Core Services

= 4.0
📦
Microsoft

Xml Core Services

= 6.0
💻
Microsoft

Windows 7

All versions
💻
Microsoft

Windows 7

All versions
💻
Microsoft

Windows 8

All versions
💻
Microsoft

Windows Server 2003

All versions
💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Server 2008

= r2
💻
Microsoft

Windows Server 2012

All versions
💻
Microsoft

Windows Vista

All versions
💻
Microsoft

Windows Xp

All versions
💻
Microsoft

Windows Rt

All versions
💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Xp

All versions
📦
Microsoft

Xml Core Services

= 5.0
📦
Microsoft

Expression Web

All versions
📦
Microsoft

Expression Web

= 2
📦
Microsoft

Groove Server

= 2007
📦
Microsoft

Groove Server

= 2007
📦
Microsoft

Office

= 2003
📦
Microsoft

Office

= 2007
📦
Microsoft

Office

= 2007
📦
Microsoft

Office Compatibility Pack

All versions
📦
Microsoft

Office Compatibility Pack

All versions
📦
Microsoft

Sharepoint Server

= 2007
📦
Microsoft

Sharepoint Server

= 2007
📦
Microsoft

Word Viewer

All versions

References & Advisories

🔗 http://www.us-cert.gov/cas/techalerts/TA13-008A.html
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458
🔗 http://www.us-cert.gov/cas/techalerts/TA13-008A.html
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458

相關漏洞威脅

CVE-2007-22239.3

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method...

CVE-2010-25619.3

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbi...

CVE-2007-00999.3

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, all...

CVE-2014-41189.3

XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win...