MS15-039: Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
Medium Nessus Plugin ID 82775
SynopsisThe remote host is affected by a security bypass vulnerability.
DescriptionThe remote host contains a version of Microsoft XML Core Services (MSXML) that is affected by a same-origin policy security bypass vulnerability. A remote attacker can exploit this vulnerability by convincing a user to click a specially crafted link, resulting in the disclosure of sensitive user information, such as credentials and arbitrary files.
SolutionMicrosoft has released a set of patches for Windows 2003, Vista, 2008, 7, and 2008 R2.