Does using many XML parsers (XDocument, XMLDocument) from the public Internet increase attack surface area?

Question

I am coding an anonymous WCF service that allows others to post XML into it.

Does using different kinds of XML parsers XDocument, XMLDocument, or even 3rd party parsers increase the attack surface area? (Buffer overflows, etc).

Related: [XML Encryption Vulnerability](http://security.stackexchange.com/q/8328/396) — makerofthings7, Oct 23 '11 at 17:14

score 3 · Accepted Answer · answered Jan 22 '11 at 03:41

3

Yes. By definition, allowing user interaction with additional software increases the Attack surface.

answered Jan 22 '11 at 03:41

nealmcb

20,544
6
69
116

Exactly. The more things, the more things that can be broken. – Matthew Read Jan 23 '11 at 00:26

Does using many XML parsers (XDocument, XMLDocument) from the public Internet increase attack surface area?

1 Answers1