SecurityTracker.com

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Microsoft XML Core Services (MSXML)
Vendors:   Microsoft
Microsoft XML Core Services (MSXML) XML Parsing Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1031187
SecurityTracker URL:  http://securitytracker.com/id/1031187
CVE Reference:   CVE-2014-4118
Date:  Nov 11 2014
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
Description:   A vulnerability was reported in Microsoft XML Core Services (MSXML). A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted content that, when loaded by the target user via Microsoft Internet Explorer, will trigger an XML parsing error and execute arbitrary code on the target system.

Alisa Esage Shevchenko of Esage Lab reported this vulnerability.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=9c155ddf-81ad-45e7-a32a-6c0d63d3cdb0

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=dd2608d4-360e-4ac8-a40d-ffbb6787ce36

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=d36dcc62-7d65-42ab-a088-9f339a78b931

Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=5381ce98-0888-4670-9e4a-b2773ec2f105

Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=06837728-7aa9-4d77-a656-06fe9dd10911

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=22fa4d32-dcf2-46ab-b9d9-97b10639ef80

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3c82b219-6259-4457-914a-a6500733033d

Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=599f3cdd-0269-4f8a-bb03-24ffe9bb5153

Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=d5b096b7-0bd8-4598-9a79-91ba08a98b6c

Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=93e180a1-b7b9-4153-8ab1-d536494d9263

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=0a1b546f-5817-4f88-8c9d-3175e970f189

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=7c8882e7-80c3-4453-8768-0a910d6576dd

Windows 8 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=e7e5d876-4fac-4121-84af-a61772252aa3

Windows 8 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=f2af12e6-5dc2-43c2-b184-dae8b71bdc76

Windows 8.1 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=c08ab9f1-a9b6-4898-8ddc-62dbf43ccf21

Windows 8.1 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=d1d77ff5-4a70-4384-b513-cdb692edfe2d

Windows Server 2012:

http://www.microsoft.com/downloads/details.aspx?familyid=da6f84a2-9262-43fa-b01a-b1dd4cc750ce

Windows Server 2012 R2:

http://www.microsoft.com/downloads/details.aspx?familyid=a3a7a5a1-b390-44aa-9c92-5208fe570d58

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms14-067

Vendor URL:  technet.microsoft.com/library/security/ms14-067
Cause:   Access control error

Message History:   None.

