Summary: Recently, a security researcher disclosed a XML External Entity Injection Zero Day in Microsoft Visual Studio 2008 Express IDE. It can allow remote attackers to grap files from the victims computer, sending them to the remote attackers server. Affected Product:Visual Studio 2008 Express IDE Security Issue:Visual Studio 2008 IDE vulnerable to XML External Entity … Continue reading “Microsoft Visual Studio 2008 Express IDE XML Injection Vulnerability (Zero Day)”
Tag: XXE
Microsoft Internet Explorer XML External Entity (XXE) Vulnerability – Zero Day
Overview: A security researcher has publicly disclosed the details of a zero-day vulnerability in Microsoft Internet Explorer 11. Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file. From techtarget.com, “MHT is a Web page archive file format. The archived Web page is an MHTML (short for … Continue reading “Microsoft Internet Explorer XML External Entity (XXE) Vulnerability – Zero Day”
Apache Solr Remote Execution Zero-Day Vulnerability : CVE-2017-12629
Introduction Two Critical vulnerabilities have been reported in the Apache Solr distributions. These vulnerabilities were found in the latest distribution of Apache Solr. One of which is an XML External Entity (XXE) Processing and the other allows remote code execution using one of the publicly exposed API. It has been assigned CVE-2017-12629. The two vulnerabilities could … Continue reading “Apache Solr Remote Execution Zero-Day Vulnerability : CVE-2017-12629”