Thread-topic: [SA22333] Microsoft XML Core Services Information Disclosure and Code Execution
>
> TITLE:
> Microsoft XML Core Services Information Disclosure and Code Execution
>
> SECUNIA ADVISORY ID:
> SA22333
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/22333/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Exposure of sensitive information, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft XML Parser 2.x
> http://secunia.com/product/12261/
> Microsoft XML Core Services 3.x
> http://secunia.com/product/12262/
> Microsoft Core XML Services (MSXML) 6.x
> http://secunia.com/product/6473/
> Microsoft Core XML Services (MSXML) 4.x
> http://secunia.com/product/6472/
>
> DESCRIPTION:
> Two vulnerabilities have been reported in Microsoft XML Core
> Services, which can be exploited by malicious people to disclose
> certain information and compromise a vulnerable system.
>
> 1) An unspecified error exists in the XMLHTTP ActiveX control when
> interpreting a HTTP server-side redirect. This can be exploited to
> disclose certain information e.g. via a specially crafted web page.
>
> 2) A boundary error exists in the XSLT processing in MSXML. This can
> be exploited to cause a buffer overflow via a specially crafted web
> page and allows execution of arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core
> Services 3.0 (all versions) on Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=f9d16d74-1785-4c33-b1fc-df5258dd1089
>
> Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core
> Services 3.0 (all versions) on Microsoft Windows XP SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8a455c3b-213c-4395-87e9-9895f2b9a6ed
>
> Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core
> Services 3.0 (all versions) on Microsoft Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8a455c3b-213c-4395-87e9-9895f2b9a6ed
>
> Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core
> Services 3.0 (all versions) on Microsoft Windows XP Professional x64
> Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=5593333f-bcd5-4750-a23d-4f7fccda6493
>
> Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core
> Services 3.0 (all versions) on Microsoft Windows Server 2003:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=09b77b2a-a4fd-46e2-af15-2385790c9ee7
>
> Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core
> Services 3.0 (all versions) on Microsoft Windows Server 2003 SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=09b77b2a-a4fd-46e2-af15-2385790c9ee7
>
> Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core
> Services 3.0 (all versions) on Microsoft Windows Server 2003 for
> Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for
> Itanium-based Systems:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=31c88513-29df-475b-b9ae-a2f5c1f32a8c
>
> Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core
> Services 3.0 (all versions) on Microsoft Windows Server 2003 x64
> Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=6183a9d2-89f5-4b25-be8b-090c6e050740
>
> Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft
> XML Core Services 5.0 SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8A37C111-D8E9-4C2E-9674-169B3331491C
>
> Microsoft XML Core Services 4.0 on Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=961f3c95-ec4e-4561-ab27-b3180e9139c5
>
> Microsoft XML Core Services 4.0 on Microsoft Windows XP SP1 and
> Microsoft Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=961f3c95-ec4e-4561-ab27-b3180e9139c5
>
> Microsoft XML Core Services 4.0 on Microsoft Windows Server 2003 and
> Microsoft Windows Server 2003 SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=961f3c95-ec4e-4561-ab27-b3180e9139c5
>
> Microsoft XML Core Services 6.0 on Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=fd513435-fa6d-407c-bedc-5fd03e5b7d6c
>
> Microsoft XML Core Services 6.0 on Microsoft Windows XP SP1 and
> Microsoft Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=fd513435-fa6d-407c-bedc-5fd03e5b7d6c
>
> Microsoft XML Core Services 6.0 on Microsoft Windows Server 2003 and
> Microsoft Windows Server 2003 SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=fd513435-fa6d-407c-bedc-5fd03e5b7d6c
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> MS06-061 (KB924191):
> http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx
>