SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Microsoft XML Core Services (MSXML) Vendors:   Microsoft
Microsoft XML Core Services (MSXML) Bug Lets Remote Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1029746
SecurityTracker URL:  http://securitytracker.com/id/1029746
CVE Reference:   CVE-2014-0266   (Links to External Site)
Date:  Feb 11 2014
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Microsoft XML Core Services (MSXML). A remote user can obtain potentially sensitive information.

A remote user can create specially crafted HTML that, when loaded by the target user via Internet Explorer, will read files on the target user's local file system or read content of web domains with the privileges of the target user.

FireEye, Inc. reported this vulnerability.

Impact:   A remote user can obtain potentially sensitive information.
Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=950f873e-da4f-4b80-947a-034afc8f030a

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=2703b0d3-b0d2-41f0-8fc5-01cd85b5fb7c

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=a1ac6e0b-a61f-4ee6-ada9-ac8112f183b6

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=47c9b297-5022-4a21-a77a-c879d6cc2dbc

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=79c368bd-f3e2-447b-a1b0-95957ce1db48

Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=662f0e61-09e9-49b6-b6fd-fb380e10fbcd

Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=e4f2cf28-4759-48c6-86aa-f3ea580641a0

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=e765ce1e-671e-41dc-9e94-f932e0ed52d4

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=caafd1dc-3f61-477a-baf4-82d732608c45

Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=e2972d61-6a8e-477a-911e-dfb6f221cdcb

Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=56863b59-8344-4fa7-8318-7832dbe64eb6

Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=3d37a672-326a-46bf-9f15-0f551e385b1f

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=336461b4-589e-49c5-8871-f9e4656fb603

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=18a002c7-2c8d-43d1-a006-94c813da7989

Windows 8 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=29631609-bc36-44a2-8e31-68d13c8d4098

Windows 8 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=6c008a71-bfdd-4b60-b847-53d5d331c184

Windows 8.1 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=682b773e-21d8-4d66-90af-a8394d8c8de1

Windows 8.1 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=8158f9f8-f494-4953-bad6-f0e05e068957

Windows Server 2012:

http://www.microsoft.com/downloads/details.aspx?familyid=1ffbe808-add5-43bc-9bfa-2817ad8a6e9d

Windows Server 2012 R2:

http://www.microsoft.com/downloads/details.aspx?familyid=12837041-b5a8-4b0b-9664-624b64935a2d

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=e765ce1e-671e-41dc-9e94-f932e0ed52d4

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=caafd1dc-3f61-477a-baf4-82d732608c45

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=336461b4-589e-49c5-8871-f9e4656fb603

Windows Server 2012:

http://www.microsoft.com/downloads/details.aspx?familyid=1ffbe808-add5-43bc-9bfa-2817ad8a6e9d

Windows Server 2012 R2:

http://www.microsoft.com/downloads/details.aspx?familyid=12837041-b5a8-4b0b-9664-624b64935a2d

A restart may be required.

The Microsoft advisory is available at:

http://technet.microsoft.com/en-us/security/bulletin/ms14-005

Vendor URL:  technet.microsoft.com/en-us/security/bulletin/ms14-005 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC