Microsoft XML Core Services Lets Remote Users Execute Arbitrary Code or Obtain Information
|
SecurityTracker Alert ID: 1017033 |
SecurityTracker URL: http://securitytracker.com/id/1017033
|
CVE Reference:
CVE-2006-4685, CVE-2006-4686
|
Updated: Oct 19 2006
|
Original Entry Date: Oct 10 2006
|
Impact:
Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2000 SP4, XP SP2, 2003 SP1; and prior service packs
|
Description:
Two vulnerabilities were reported in Microsoft XML Core Services. A remote user can cause arbitrary code to be executed on the target system.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a buffer overflow in XSLT processing and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A remote user can also invoke the XMLHTTP ActiveX control with an HTTP server-side redirect to obtain information from other domains.
|
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can create HTML that, when loaded by the target user, will be able to access information from other domains with the privileges of the target user.
|
Solution:
The vendor has issued the following fixes:
Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f9d16d74-1785-4c33-b1fc-df5258dd1089
Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8a455c3b-213c-4395-87e9-9895f2b9a6ed
Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8a455c3b-213c-4395-87e9-9895f2b9a6ed
Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5593333f-bcd5-4750-a23d-4f7fccda6493
Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=09b77b2a-a4fd-46e2-af15-2385790c9ee7
Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=09b77b2a-a4fd-46e2-af15-2385790c9ee7
Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=31c88513-29df-475b-b9ae-a2f5c1f32a8c
Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6183a9d2-89f5-4b25-be8b-090c6e050740
Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML Core Services 5.0 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8A37C111-D8E9-4C2E-9674-169B3331491C
Microsoft XML Core Services 4.0 when installed on Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=961f3c95-ec4e-4561-ab27-b3180e9139c5
Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=961f3c95-ec4e-4561-ab27-b3180e9139c5
Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=961f3c95-ec4e-4561-ab27-b3180e9139c5
Microsoft XML Core Services 6.0 when installed on Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=fd513435-fa6d-407c-bedc-5fd03e5b7d6c
Microsoft XML Core Services 6.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=fd513435-fa6d-407c-bedc-5fd03e5b7d6c
Microsoft XML Core Services 6.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=fd513435-fa6d-407c-bedc-5fd03e5b7d6c
A restart is required.
On October 19, 2006, Microsoft reissued MS06-061 for Windows 2000 SP4 users. The previous update fixed the vulnerability but did not set the kill bit for Microsoft XML Parser 2.6. The reissued update sets the kill bit properly.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx
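To confirm on a host that the kill bit mentioned in the reissue note is actually present, the following added example (not vendor code and not part of the original advisory) reads the Internet Explorer ActiveX Compatibility registry entries. The function names are hypothetical, and the DLL name passed in the last line is an assumption, since the advisory does not list file names or class identifiers.

```powershell
# Added example, not vendor code. The kill bit is bit 0x400 of the
# "Compatibility Flags" DWORD under ...\ActiveX Compatibility\{CLSID}.
$KillBit = 0x400
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # Separate list used by 32-bit Internet Explorer on 64-bit Windows.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-ClsidByServer {
    # Return the CLSIDs whose registered in-process server is the named DLL.
    param([Parameter(Mandatory)][string]$DllName)
    $pattern = '(^|\\)' + [regex]::Escape($DllName) + '$'
    Get-ChildItem -LiteralPath 'HKLM:\SOFTWARE\Classes\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $srv = Join-Path $_.PSPath 'InprocServer32'
            $dll = (Get-ItemProperty -LiteralPath $srv -ErrorAction SilentlyContinue).'(default)'
            if ($dll -and ($dll -match $pattern)) { $_.PSChildName }
        }
}

function Test-KillBit {
    # Emit one row per registry view: is bit 0x400 set for this CLSID?
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Clsid)
    process {
        foreach ($root in $CompatRoots) {
            if (-not (Test-Path -LiteralPath $root)) { continue }
            $key   = Join-Path $root $Clsid
            $flags = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
            [pscustomobject]@{
                Clsid      = $Clsid
                Wow6432    = $root -like '*WOW6432Node*'
                Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags }
                KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

# 'msxml2.dll' is an assumed file name for Microsoft XML Parser 2.6.
Get-ClsidByServer -DllName 'msxml2.dll' | Test-KillBit | Format-Table -AutoSize
```

A row with KillBitSet = False, or an empty Flags column, means Internet Explorer is still allowed to instantiate that class. On 64-bit Windows, run it from 32-bit PowerShell as well so that 32-bit class registrations are enumerated.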
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms06-061.mspx
|
Cause:
Access control error, Boundary error