← Back

CVE-2013-0007

nvd nist
Published: Jan 9, 2013Modified: Apr 29, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

Affected (29)

Microsoft
15 products
Xml Core Services
Windows 7
Windows 8
Windows Server 2008
Windows Server 2012
Windows Xp
Windows Rt
Windows Server 2003
Windows Vista
Expression Web
Groove Server
Office
Office Compatibility Pack
Sharepoint Server
Word Viewer
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Xml Core Services
Version 3.0
Windows 7
All versions
Windows 8
All versions
Microsoft
Windows Server 2008
All versions
Windows Server 2008
All versions
Windows Server 2008
Version r2
Windows Server 2012
All versions
Windows Xp
All versions
Configuration B
8 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Xml Core Services
Version 4.0
Xml Core Services
Version 6.0
Windows 7
All versions
Windows Rt
All versions
Windows Server 2003
All versions
Windows Server 2008
All versions
Windows Vista
All versions
Windows Xp
All versions
Configuration C
13 vulnerable
Vulnerable SoftwareAffected Versions
Xml Core Services
Version 5.0
Microsoft
Expression Web
All versions
Expression Web
Version 2
Microsoft
Groove Server
Version 2007 sp2
Groove Server
Version 2007 sp3
Microsoft
Office
Version 2003 sp3
Office
Version 2007 sp2
Office
Version 2007 sp3
Microsoft
Office Compatibility Pack
All versions
Office Compatibility Pack
All versions
Microsoft
Sharepoint Server
Version 2007 sp2
Sharepoint Server
Version 2007 sp3
Word Viewer
All versions

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.