CVE-2013-0007

Microsoft XML Core Services 4.0, 5.0, 6.0 - Remote Code Execution via Crafted Web Page


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0007. PoCs published by jyyjw.

AI-analyzed exploit summary: This PowerShell script remediates CVE-2013-0007 by unregistering and renaming MSXML 4.0 DLLs to mitigate the vulnerability. It targets unsupported MSXML 4.0 components flagged by vulnerability scanners.

Description

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

Exploits (1)

nomisec WORKING POC
by jyyjw · poc
https://github.com/jyyjw/msxml4-remediation


Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Microsoft XML Core Services (MSXML) 4.0
Auth required
Prerequisites: Windows OS · PowerShell 5.1 or later · Administrator privileges
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458

Scores

EPSS 0.3157
EPSS Percentile 98.1%

Details

CWE: CWE-94
Status: published
Products (21)
microsoft/expression_web
microsoft/expression_web 2
microsoft/groove_server 2007 sp2 (2 CPE variants)
microsoft/office 2003 sp3
microsoft/office 2007 sp2 (2 CPE variants)
microsoft/office_compatibility_pack (2 CPE variants)
microsoft/sharepoint_server 2007 sp2 (2 CPE variants)
microsoft/windows_7 (2 CPE variants)
microsoft/windows_8
microsoft/windows_rt
... and 11 more
Published Jan 09, 2013
Tracked Since Feb 18, 2026