Title

Multiple Vulnerabilities in Microsoft XML Core Services (MS15-084) (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing multiple vulnerabilities affecting Microsoft XML Core Services. Microsoft XML Core Services is a set of services that provide applications written in various scripting languages a high degree of interoperability with XML based applications. To exploit these vulnerabilities, an attacker would entice s user to expose memory addresses by clicking a mailcious link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. If successfully exploited, these vulnerabilities would allow an attacker to decrypt portions of encrypted network information traffic or execute arbitrary code or elevate user rights resulting in the compromise of the affected system.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-61289

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.