Microsoft XML Core Services Improper Restriction of XML External Entity Reference Vulnerability

Summary

Microsoft XML Core Services suffers from improper restriction of xml external entity reference vulnerability

Credit:

The information has been provided by Yuki Chen

The original article can be found at: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1060


Details

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system.

Vulnerable Systems:

Microsoft XML Core Services 

CVE Information:

CVE-2019-1060

Disclosure Timeline:
Published Date:10/10/2019

Categories: News