CVE-2013-0007
UnknownEPSS 31.57%
Last modified
CVE-2013-0007 is a vulnerability of currently unknown severity. Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability.". EPSS estimates a 31.57% chance of exploitation in the next 30 days.
Description
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Xml Core Services | 3.0 | — |
| Microsoft | Xml Core Services | 4.0 | — |
| Microsoft | Xml Core Services | 6.0 | — |
| Microsoft | Windows 7 | All versions | — |
| Microsoft | Windows 8 | All versions | — |
| Microsoft | Windows Server 2003 | All versions | Sp2 |
| Microsoft | Windows Server 2008 | All versions | Sp2 |
| Microsoft | Windows Server 2008 | r2 | — |
| Microsoft | Windows Server 2012 | All versions | — |
| Microsoft | Windows Vista | All versions | Sp2 |
| Microsoft | Windows Xp | All versions | Sp2 |
| Microsoft | Windows Rt | All versions | — |
| Microsoft | Xml Core Services | 5.0 | — |
| Microsoft | Expression Web | All versions | Sp1 |
| Microsoft | Expression Web | 2 | — |
| Microsoft | Groove Server | 2007 | Sp2 |
| Microsoft | Office | 2003 | Sp3 |
| Microsoft | Office | 2007 | Sp2 |
| Microsoft | Office Compatibility Pack | All versions | Sp2 |
| Microsoft | Sharepoint Server | 2007 | Sp2 |
| Microsoft | Word Viewer | All versions | — |
References
- http://www.us-cert.gov/cas/techalerts/TA13-008A.htmlUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA13-008A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-0007?
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
How severe is CVE-2013-0007?
Severity scoring for CVE-2013-0007 is pending analysis. The EPSS model estimates a 31.57% probability of exploitation in the next 30 days.
How do I fix CVE-2013-0007?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2013-0007?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST