Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2561

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICAL
EPSS
61.3%
top 1.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft XML Core Services
Timeline
PublishedAug 11
Latest updateMay 14

Description

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-chj8-f33h-qgp9: Microsoft XML Core Services (aka MSXML) 32022-05-14
CVEList
CVE-2010-2561: Microsoft XML Core Services (aka MSXML) 32010-08-11

💥Exploits & PoCs

1
Exploit-DB
Microsoft Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051)2010-08-10
CVE-2010-2561 (CRITICAL CVSS 9.3) | Microsoft XML Core Services (aka MS | cvebase.io