Oval Definition:oval:org.cisecurity:def:477
Revision Date:2016-05-27Version:37
Title:MSXML Remote Code Execution Vulnerability - CVE-2016-0147 (MS16-040)
Description:Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-0147
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):Microsoft XML Core Services 3
Definition Synopsis
  • Microsoft XML Core Services 3 is installed
  • AND vulnerable windows OS + vulnerable file version
  • Vista/2008 + vulnerable file version
  • Vista/2008
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND Check for vulnerable file version
  • Check if the version of msxml3.dll is less than 8.100.5013.0
  • OR Check if the version of msxml3r.dll is less than 8.20.8730.1
  • OR Win7/R2 + vulnerable file version
  • Win7/R2
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
  • AND Check for vulnerable file version
  • Check if the version of msxml3.dll is less than 8.110.7601.23373
  • OR Check if the version of msxml3r.dll is less than 8.110.7601.23373
  • OR Win8.1/2k12 R2 + vulnerable file version
  • Win8.1/2k12 R2
  • Microsoft Windows Server 2012 R2 is installed
  • OR Microsoft Windows 8.1 is installed
  • AND Check for vulnerable file version
  • Check if the version of msxml3.dll is less than 8.110.9600.18258
  • OR Check if the version of msxml3r.dll is less than 8.110.9600.16384
  • OR 2k12 + vulnerable file version
  • Microsoft Windows Server 2012 is installed
  • AND Check for vulnerable file version
  • Check if the version of msxml3.dll (x64) is less than 8.110.9200.21793
  • OR Check if the version of msxml3.dll (x86) is less than 8.110.9200.21794
  • OR Check if the version of msxml3r.dll is less than 8.110.9200.20551
  • OR Win10 + vulnerable file version
  • Microsoft Windows 10 is installed
  • AND Check for vulnerable file version
  • Check if the version of msxml3.dll is less than 8.110.10240.16766
  • OR Check if the version of msxml3r.dll is less than 8.110.10240.16384
  • OR Win10 1511 + vulnerable file version
  • 1511
  • Microsoft Windows 10 Version 1511 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1511 (64-bit) is installed
  • AND Check for vulnerable file version
  • Check if the version of msxml3.dll is less than 8.110.10586.212
  • OR Check if the version of msxml3r.dll is less than 8.110.10586.0
    • BACK