SB2019041018 - Multiple vulnerabilities in Microsoft XML Core Services
Published: April 10, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2019-0790)
The vulnerability allows a remote attacker to execute arbitrary code on the target system
The vulnerability exists due to insufficient validation of user-supplied input within the the Microsoft XML Core Services MSXML parser. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.
2) Input validation error (CVE-ID: CVE-2019-0791)
The vulnerability allows a remote attacker to execute arbitrary code on the target system
The vulnerability exists due to insufficient validation of user-supplied input within the the Microsoft XML Core Services MSXML parser. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.
3) Input validation error (CVE-ID: CVE-2019-0792)
The vulnerability allows a remote attacker to execute arbitrary code on the target system
The vulnerability exists due to insufficient validation of user-supplied input within the the Microsoft XML Core Services MSXML parser. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.
4) Input validation error (CVE-ID: CVE-2019-0793)
The vulnerability allows a remote attacker to execute arbitrary code on the target system
The vulnerability exists due to insufficient validation of user-supplied input within the the Microsoft XML Core Services MSXML parser. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.
5) Input validation error (CVE-ID: CVE-2019-0795)
The vulnerability allows a remote attacker to execute arbitrary code on the target system
The vulnerability exists due to insufficient validation of user-supplied input within the the Microsoft XML Core Services MSXML parser. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0790
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0791
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0792
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0793
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0795