Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA26447] Microsoft XML Core Services Memory Corruption Vulnerability



>
> TITLE:
> Microsoft XML Core Services Memory Corruption Vulnerability
>
> SECUNIA ADVISORY ID:
> SA26447
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/26447/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Office 2007
> http://secunia.com/product/13228/
> Microsoft XML Core Services 3.x
> http://secunia.com/product/12262/
> Microsoft XML Core Services (MSXML) 4.x
> http://secunia.com/product/6472/
> Microsoft Office SharePoint Server 2007
> http://secunia.com/product/13227/
> Microsoft Office Groove Server 2007
> http://secunia.com/product/15303/
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Core XML Services (MSXML) 6.x
> http://secunia.com/product/6473/
>
> DESCRIPTION:
> A vulnerability has been reported in Microsoft XML Core Services,
> which can be exploited by malicious people to compromise a user's
> system.
>
> The vulnerability is caused due to an input validation error when
> handling certain script requests. This can be exploited to cause a
> memory corruption when a user e.g. visits a malicious website.
>
> Successful exploitation may allow execution of arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Microsoft XML Core Services 3.0 for Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=24521
> 4ea-76f9-4755-8a14-a74232e20c1c
>
> Microsoft XML Core Services 4.0 for Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=021E1
> 2F5-CB46-43DF-A2B8-185639BA2807
>
> Microsoft XML Core Services 6.0 for Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92
> E77-9E5A-41B1-A9D2-64443913C976
>
> Microsoft XML Core Services 3.0 for Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=dea6a
> 48f-fb00-43f3-a374-3220f9759c2d
>
> Microsoft XML Core Services 3.0 for Windows XP Professional x64
> Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=b8862
> ca9-1203-4056-a257-29271838ac0d
>
> Microsoft XML Core Services 4.0 for Windows XP SP2
> http://www.microsoft.com/downloads/details.aspx?FamilyId=021E1
> 2F5-CB46-43DF-A2B8-185639BA2807
>
> Microsoft XML Core Services 4.0 for Windows XP Professional x64
> Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=021E1
> 2F5-CB46-43DF-A2B8-185639BA2807
>
> Microsoft XML Core Services 6.0 for Windows XP SP2
> http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92
> E77-9E5A-41B1-A9D2-64443913C976
>
> Microsoft XML Core Services 6.0 for Windows XP Professional x64
> Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92
> E77-9E5A-41B1-A9D2-64443913C976
>
> Microsoft XML Core Services 3.0 for Windows Server 2003 SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=12618
> ad0-aefd-4c9a-a769-4b14a7603d6e
>
> Microsoft XML Core Services 3.0 for Windows Server 2003 x64 Edition
> (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=61bf0
> 0a9-aeea-431a-86d3-526a4a373bb7
>
> Microsoft XML Core Services 3.0 for Windows Server 2003 for
> Itanium-based systems SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=b0285
> dd7-bf66-4226-9948-26e8aae99046
>
> Microsoft XML Core Services 4.0 for Windows Server 2003 SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=021E1
> 2F5-CB46-43DF-A2B8-185639BA2807
>
> Microsoft XML Core Services 4.0 for Windows Server 2003 x64 Edition
> (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=021E1
> 2F5-CB46-43DF-A2B8-185639BA2807
>
> Microsoft XML Core Services 4.0 for Windows Server 2003 for
> Itanium-based systems SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=021E1
> 2F5-CB46-43DF-A2B8-185639BA2807
>
> Microsoft XML Core Services 6.0 for Windows Server 2003 SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92
> E77-9E5A-41B1-A9D2-64443913C976
>
> Microsoft XML Core Services 6.0 for Windows Server 2003 x64 Edition
> (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92
> E77-9E5A-41B1-A9D2-64443913C976
>
> Microsoft XML Core Services 6.0 for Windows Server 2003 for
> Itanium-based systems SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92
> E77-9E5A-41B1-A9D2-64443913C976
>
> Microsoft XML Core Services 3.0 for Windows Vista:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=c734d
> 7de-5d87-4904-81c3-714db2cb8b0d
>
> Microsoft XML Core Services 3.0 for Windows Vista x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=0a465
> d77-a737-4d26-82a1-570f9c788a8a
>
> Microsoft XML Core Services 4.0 for Windows Vista:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=021E1
> 2F5-CB46-43DF-A2B8-185639BA2807
>
> Microsoft XML Core Services 4.0 for Windows Vista x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=021E1
> 2F5-CB46-43DF-A2B8-185639BA2807
>
> Microsoft XML Core Services 6.0 for Windows Vista:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=14270
> 529-3ae5-43bf-a471-722ab010d81e
>
> Microsoft XML Core Services 6.0 for Windows Vista x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=928da
> 3d2-b0b9-447a-b37a-4350497fe563
>
> Microsoft XML Core Services 5.0 in Microsoft Office 2003 Service Pack
> 2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=A339C
> B7B-E08A-47F8-AC0B-DF449191424A
>
> Microsoft XML Core Services 5.0 in 2007 Microsoft Office System:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=7A974
> 78A-832C-4A6B-B074-0E18B1E4ED33
>
> Microsoft XML Core Services 5.0 in Microsoft Office SharePoint
> Server:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=E8756
> 13B-2F32-4F28-A635-664A25C95C18
>
> Microsoft XML Core Services 5.0 in Microsoft Office Groove Server
> 2007:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=E8756
> 13B-2F32-4F28-A635-664A25C95C18
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> * An anonymous researcher, reported via iDefense Labs
> * An anonymous researcher, reported via ZDI
>
> ORIGINAL ADVISORY:
> MS07-042 (KB936227):
> http://www.microsoft.com/technet/security/Bulletin/MS07-042.mspx
>



 




Copyright © Lexa Software, 1996-2009.