A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input.
Weakness
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_10 | Microsoft | - (including) | - (including) |
| Windows_10 | Microsoft | 1607 (including) | 1607 (including) |
| Windows_10 | Microsoft | 1703 (including) | 1703 (including) |
| Windows_10 | Microsoft | 1709 (including) | 1709 (including) |
| Windows_10 | Microsoft | 1803 (including) | 1803 (including) |
| Windows_10 | Microsoft | 1809 (including) | 1809 (including) |
| Windows_10 | Microsoft | 1903 (including) | 1903 (including) |
| Windows_7 | Microsoft | –sp1 (including) | –sp1 (including) |
| Windows_8.1 | Microsoft | - (including) | - (including) |
| Windows_rt_8.1 | Microsoft | - (including) | - (including) |
| Windows_server_2008 | Microsoft | –sp2 (including) | –sp2 (including) |
| Windows_server_2008 | Microsoft | r2-sp1 (including) | r2-sp1 (including) |
| Windows_server_2012 | Microsoft | - (including) | - (including) |
| Windows_server_2012 | Microsoft | r2 (including) | r2 (including) |
| Windows_server_2016 | Microsoft | - (including) | - (including) |
| Windows_server_2016 | Microsoft | 1803 (including) | 1803 (including) |
| Windows_server_2016 | Microsoft | 1903 (including) | 1903 (including) |
| Windows_server_2019 | Microsoft | - (including) | - (including) |