What is the severity of CVE-2013-0007?

CVE-2013-0007 has a critical severity rating due to its potential for remote code execution.

How do I fix CVE-2013-0007?

To fix CVE-2013-0007, apply the latest security updates or patches provided by Microsoft.

Which versions of Microsoft XML Core Services are affected by CVE-2013-0007?

CVE-2013-0007 affects Microsoft XML Core Services versions 3.0, 4.0, 5.0, and 6.0.

Can CVE-2013-0007 be exploited via web browsers?

Yes, CVE-2013-0007 can be exploited by attackers through specially crafted web pages viewed in affected web browsers.

Is there a known workaround for CVE-2013-0007 if I cannot apply the patch?

A known workaround for CVE-2013-0007 is to disable Microsoft XML Core Services in your system settings until the patch is applied.

Vulnerability/
CVE-2013-0007

critical

9.3

CWE

9/1/2013

6/8/2024

CVE-2013-0007: Code Injection

First published: Wed Jan 09 2013(Updated: )

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
All of
Any of
Microsoft XML Core Services	=3.0
Microsoft XML Core Services	=4.0
Microsoft XML Core Services	=6.0
Any of
Microsoft Windows 7
Microsoft Windows 7	=sp1
Microsoft Windows 8.0
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Server	=r2
Microsoft Windows Server
Microsoft Windows Vista	=sp2
Microsoft Windows XP	=sp2
All of
Any of
Microsoft XML Core Services	=4.0
Microsoft XML Core Services	=6.0
Any of
Microsoft Windows 7
Microsoft Windows RT
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Vista	=sp2
Microsoft Windows XP	=sp3
All of
Microsoft XML Core Services	=5.0
Any of
Microsoft Expression Web	=sp1
Microsoft Expression Web	=2
Microsoft Groove Management Server	=2007-sp2
Microsoft Groove Management Server	=2007-sp3
Microsoft Office	=2003-sp3
Microsoft Office	=2007-sp2
Microsoft Office	=2007-sp3
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint	=sp2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint	=sp3
Microsoft SharePoint Server 2010	=2007-sp2
Microsoft SharePoint Server 2010	=2007-sp3
Microsoft Office Word Viewer
Microsoft XML Core Services	=3.0
Microsoft XML Core Services	=4.0
Microsoft XML Core Services	=6.0
Microsoft Windows 7
Microsoft Windows 7	=sp1
Microsoft Windows 8.0
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Server	=r2
Microsoft Windows Server
Microsoft Windows Vista	=sp2
Microsoft Windows XP	=sp2
Microsoft Windows RT
Microsoft Windows Server	=sp2
Microsoft Windows Vista	=sp2
Microsoft Windows XP	=sp3
Microsoft XML Core Services	=5.0
Microsoft Expression Web	=sp1
Microsoft Expression Web	=2
Microsoft Groove Management Server	=2007-sp2
Microsoft Groove Management Server	=2007-sp3
Microsoft Office	=2003-sp3
Microsoft Office	=2007-sp2
Microsoft Office	=2007-sp3
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint	=sp2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint	=sp3
Microsoft SharePoint Server 2010	=2007-sp2
Microsoft SharePoint Server 2010	=2007-sp3
Microsoft Office Word Viewer

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-0007?
CVE-2013-0007 has a critical severity rating due to its potential for remote code execution.
How do I fix CVE-2013-0007?
To fix CVE-2013-0007, apply the latest security updates or patches provided by Microsoft.
Which versions of Microsoft XML Core Services are affected by CVE-2013-0007?
CVE-2013-0007 affects Microsoft XML Core Services versions 3.0, 4.0, 5.0, and 6.0.
Can CVE-2013-0007 be exploited via web browsers?
Yes, CVE-2013-0007 can be exploited by attackers through specially crafted web pages viewed in affected web browsers.
Is there a known workaround for CVE-2013-0007 if I cannot apply the patch?
A known workaround for CVE-2013-0007 is to disable Microsoft XML Core Services in your system settings until the patch is applied.

agent/author
agent/type
agent/severity
agent/references
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
vendor/microsoft
canonical/microsoft xml core services
version/microsoft xml core services/3.0
version/microsoft xml core services/4.0
version/microsoft xml core services/6.0
canonical/microsoft windows 7
version/microsoft windows 7/sp1
canonical/microsoft windows 8.0
canonical/microsoft windows server
version/microsoft windows server/sp2
version/microsoft windows server/r2
canonical/microsoft windows vista
version/microsoft windows vista/sp2
canonical/microsoft windows xp
version/microsoft windows xp/sp2
canonical/microsoft windows rt
version/microsoft windows xp/sp3
version/microsoft xml core services/5.0
canonical/microsoft expression web
version/microsoft expression web/sp1
version/microsoft expression web/2
canonical/microsoft groove management server
version/microsoft groove management server/2007-sp2
version/microsoft groove management server/2007-sp3
canonical/microsoft office
version/microsoft office/2003-sp3
version/microsoft office/2007-sp2
version/microsoft office/2007-sp3
canonical/microsoft office compatibility pack for word, excel, and powerpoint
version/microsoft office compatibility pack for word, excel, and powerpoint/sp2
version/microsoft office compatibility pack for word, excel, and powerpoint/sp3
canonical/microsoft sharepoint server 2010
version/microsoft sharepoint server 2010/2007-sp2
version/microsoft sharepoint server 2010/2007-sp3
canonical/microsoft office word viewer