Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Microsoft
  • Expression Web
  • Windows Server 2012
  • Xml Core Services
  • Windows Rt
  • Windows 7
  • Office Compatibility Pack
  • Word Viewer
  • Groove Server
  • Windows Vista
  • Sharepoint Server
  • Windows Server 2003
  • Windows 8
  • Office
  • Windows Xp
  • Windows Server 2008

Configuration 1 [-]

AND
OR cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:-:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*
OR cpe:2.3:a:microsoft:expression_web:*:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:groove_server:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:groove_server:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*
References
Link Resource
http://www.us-cert.gov/cas/techalerts/TA13-008A.html US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2013-01-09T18:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2012-11-27T00:00:00

Link: CVE-2013-0007

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2013-01-09T18:09:40.227

Modified: 2023-12-07T18:38:56.693

Link: CVE-2013-0007

JSON object: View

cve-icon Redhat Information

No data.

CWE