CVE-2019-0793
published 2019-04-09CVE-2019-0793: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution…
PriorityP357high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
17.22%
96.7th percentile
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795.
Affected
63 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f3xr-8j4w-q59x: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2019-0792 [HIGH] CWE-611 GHSA-f3xr-8j4w-q59x: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795.
GHSA
GHSA-3g93-9f89-prgj: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2019-0793 [HIGH] CWE-611 GHSA-3g93-9f89-prgj: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795.
GHSA
GHSA-8px2-qhm8-m3pc: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2019-0795 [HIGH] CWE-611 GHSA-8px2-qhm8-m3pc: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793.
GHSA
GHSA-24rg-9rhw-m9gh: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2019-0791 [HIGH] CWE-611 GHSA-24rg-9rhw-m9gh: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795.
GHSA
GHSA-w6p8-6mfr-rc8p: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2019-0790 [HIGH] CWE-611 GHSA-w6p8-6mfr-rc8p: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795.
Microsoft
MS XML Remote Code Execution Vulnerability
vendor_msrc·2019-04-09·CVSS 7.8
CVE-2019-0793 [HIGH] MS XML Remote Code Execution Vulnerability
MS XML Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system.
To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the use
No detection rules found.
No public exploits indexed.
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities
blogs_trendmicro·2019-04-10·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Sfruttamento vulnerabilità
## Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.
By: Trend Micro Research Apr 10, 2019 Read time: ( words)
Save to Folio
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities
blogs_trendmicro·2019-04-10·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Exploits & Vulnerabilities
## Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.
By: Trend Micro Research 2019/04/10 Read time: ( words)
Save to Folio
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Se
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities
blogs_trendmicro·2019-04-10·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Ausnutzung von Schwachstellen
## Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.
By: Trend Micro Research Apr 10, 2019 Read time: ( words)
Save to Folio
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Offi
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities
blogs_trendmicro·2019-04-10·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Exploits & Vulnerabilities
## Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.
By: Trend Micro Research Apr 10, 2019 Read time: ( words)
Save to Folio
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities
blogs_trendmicro·2019-04-10·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Exploits y vulnerabilidades
## Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.
By: Trend Micro Research Apr 10, 2019 Read time: ( words)
Save to Folio
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities
blogs_trendmicro·2019-04-10·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Exploits & Vulnerabilities
# Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.
By: Trend Micro Research
Apr 10, 2019
Read time: ( words)
Save to Folio
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities
blogs_trendmicro·2019-04-10·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Exploits & Vulnerabilities
## Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.
By: Trend Micro Research Apr 10, 2019 Read time: ( words)
Save to Folio
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities
blogs_trendmicro·2019-04-10·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Exploits & Vulnerabilities
# Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.
By: Trend Micro Research
2019/04/10
Read time: ( words)
Save to Folio
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Se
Zscaler
Zscaler found Multiple Security Vulnerabilities | 04-09-2019
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found Multiple Security Vulnerabilities | 04-09-2019
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
2019-04-09
Published