CVE-2015-1646

CWE-2644 documents4 sources
Severity
4.3MEDIUM
EPSS
28.1%
top 3.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft XML Core Services
Timeline
PublishedApr 14
Latest updateMay 14

Description

Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-mqc5-2j69-wp37: Microsoft XML Core Services (aka MSXML) 3↗2022-05-14
â–¶
CVEList
CVE-2015-1646: Microsoft XML Core Services (aka MSXML) 3↗2015-04-14
â–¶

💥Exploits & PoCs

1
Exploit-DB
RM Downloader 2.7.5.400 - Local Buffer Overflow↗2015-03-26
â–¶
CVE-2015-1646 (MEDIUM CVSS 4.3) | Microsoft XML Core Services (aka MS | cvebase.io