Microsoft XML Core Services Information Disclosure Vulnerabilities
Last Update Date:
14 Aug 2015
Release Date:
12 Aug 2015
3722
Views
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
- Multiple MSXML Information Disclosure Vulnerabilities
Information disclosure vulnerabilities exist when Microsoft XML Core Services (MSXML) explicitly allows the use of Secure Sockets Layer (SSL) 2.0. An attacker who successfully exploited these vulnerabilities could decrypt portions of encrypted network information traffic. - MSXML Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft XML Core Services (MSXML) exposes memory addresses not intended for public disclosure. An attacker could combine this information disclosure vulnerability to bypass Address Space Layout Randomization (ASLR). An attacker who successfully exploited this vulnerability could potentially read private data. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but the attacker could use it to obtain information in an attempt to further compromise the affected system.
Impact
- Information Disclosure
System / Technologies affected
- Microsoft Windows Vista
- Microsoft Windows Server 2008
- Microsoft Windows 7
- Microsoft Windows Server 2008 R2
- Microsoft Windows 8 and Windows 8.1
- Microsoft Windows Server 2012 and Windows Server 2012 R2
- Microsoft Windows RT and Windows RT 8.1
- Microsoft Office 2007
- Microsoft InfoPath 2007
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS15-084
Vulnerability Identifier
Source
Related Link
Share with