Category:   OS (Microsoft)  >   Microsoft XML Core Services (MSXML)
Vendors:   Microsoft
Microsoft XML Core Services Lets Remote Users Execute Arbitrary Code or Obtain Information
SecurityTracker Alert ID:  1017033
SecurityTracker URL:  http://securitytracker.com/id/1017033
CVE Reference:   CVE-2006-4685, CVE-2006-4686
Updated:  Oct 19 2006
Original Entry Date:  Oct 10 2006
Impact:   Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2000 SP4, XP SP2, 2003 SP1; and prior service packs
Description:   Two vulnerabilities were reported in Microsoft XML Core Services. A remote user can cause arbitrary code to be executed on the target system.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a buffer overflow in XSLT processing and execute arbitrary code on the target system. The code will run with the privileges of the target user.

A remote user can also invoke the XMLHTTP ActiveX control with an HTTP server-side redirect to obtain information from other domains.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can create HTML that, when loaded by the target user, will be able to access information from other domains with the privileges of the target user.

Solution:   The vendor has issued the following fixes:

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=f9d16d74-1785-4c33-b1fc-df5258dd1089

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8a455c3b-213c-4395-87e9-9895f2b9a6ed

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8a455c3b-213c-4395-87e9-9895f2b9a6ed

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5593333f-bcd5-4750-a23d-4f7fccda6493

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=09b77b2a-a4fd-46e2-af15-2385790c9ee7

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=09b77b2a-a4fd-46e2-af15-2385790c9ee7

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=31c88513-29df-475b-b9ae-a2f5c1f32a8c

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=6183a9d2-89f5-4b25-be8b-090c6e050740

Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML Core Services 5.0 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8A37C111-D8E9-4C2E-9674-169B3331491C

Microsoft XML Core Services 4.0 when installed on Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=961f3c95-ec4e-4561-ab27-b3180e9139c5

Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=961f3c95-ec4e-4561-ab27-b3180e9139c5

Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=961f3c95-ec4e-4561-ab27-b3180e9139c5

Microsoft XML Core Services 6.0 when installed on Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=fd513435-fa6d-407c-bedc-5fd03e5b7d6c

Microsoft XML Core Services 6.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=fd513435-fa6d-407c-bedc-5fd03e5b7d6c

Microsoft XML Core Services 6.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=fd513435-fa6d-407c-bedc-5fd03e5b7d6c

A restart is required.

On October 19, 2006, Microsoft reissued MS06-061 for Windows 2000 SP4 users. The previous update fixed the vulnerability but did not set the kill bit for Microsoft XML Parser 2.6. The reissued update sets the kill bit properly.
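
The kill bit referred to above is the 0x400 bit in a control's "Compatibility Flags" value under Internet Explorer's ActiveX Compatibility registry key. The PowerShell below is an added example, not part of this alert or the vendor bulletin, for confirming the bit is set once the reissued update is installed; the CLSID is a placeholder (this alert does not list it) and the function name is hypothetical.

```powershell
# Added example: report whether the IE kill bit is set for one ActiveX control.
# Assumption: the CLSID below is a placeholder; take the real one from MS06-061.
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE instantiating the control

function Test-ActiveXKillBit {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Clsid
    )
    # Check the native view and, on 64-bit Windows, the 32-bit (Wow6432Node) view.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on this host

        $view = 'native'
        if ($root -like '*Wow6432Node*') { $view = '32-bit' }

        # A missing key or missing value means no kill bit has been set in this view.
        $flags = $null
        $key = Join-Path $root $Clsid
        if (Test-Path -LiteralPath $key) {
            $item = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($item) { $flags = $item.'Compatibility Flags' }
        }

        $shown = '(not present)'
        if ($null -ne $flags) { $shown = '0x{0:X8}' -f $flags }

        New-Object PSObject -Property @{
            View       = $view
            Clsid      = $Clsid
            Flags      = $shown
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

# Placeholder CLSID, constructed for illustration only.
Test-ActiveXKillBit -Clsid '{00000000-0000-0000-0000-000000000000}' |
    Format-Table View, Clsid, Flags, KillBitSet -AutoSize
```

A row with KillBitSet = False on a host that reports the update as installed matches the condition the October 19 reissue corrected.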

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms06-061.mspx
Cause:   Access control error, Boundary error

Message History:   None.

