Secunia - Stay Secure
Home Corporate Website Jobs Updated Mailing Lists RSS Blog  Online Shop Advertise
Software Inspectors
  Scan Online
  Personal (PSI)
  Network (NSI 2.0)

Solutions For
  Security Professionals
  Security Vendors

Free Solutions For
  Open Communities
  Journalists & Media

Secunia Advisories
  Search
  Historic Advisories
  Listed By Product
  Listed By Vendor
  Statistics / Graphs
  Secunia Research
  Report Vulnerability
  About Advisories

Virus Information
  Chronological List
  Last 10 Virus Alerts
  About Virus Information

Secunia Customers
  Customer Area


Microsoft XML Core Services Information Disclosure and Code Execution Advisory Available in Danish  Advisory Available in German 

Secunia Advisory: SA22333  
Release Date: 2006-10-10
Last Update: 2006-10-24

Critical:
Highly critical
Impact: Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch

Software:Microsoft Core XML Services (MSXML) 6.x
Microsoft XML Core Services (MSXML) 4.x
Microsoft XML Core Services 3.x
Microsoft XML Parser 2.x

CVE reference:CVE-2006-4685 (Secunia mirror)
CVE-2006-4686 (Secunia mirror)

Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS!


Description:
Two vulnerabilities have been reported in Microsoft XML Core Services, which can be exploited by malicious people to disclose certain information and compromise a vulnerable system.

1) An unspecified error exists in the XMLHTTP ActiveX control when interpreting a HTTP server-side redirect. This can be exploited to disclose certain information e.g. via a specially crafted web page.

2) A boundary error exists in the XSLT processing in MSXML. This can be exploited to cause a buffer overflow via a specially crafted web page and allows execution of arbitrary code.

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.

Solution:
Apply patches.

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=f9d16d74-1785-4c33-b1fc-df5258dd1089

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP SP1:
http://www.microsoft.com/downloads/de...=8a455c3b-213c-4395-87e9-9895f2b9a6ed

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP SP2:
http://www.microsoft.com/downloads/de...=8a455c3b-213c-4395-87e9-9895f2b9a6ed

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/de...=5593333f-bcd5-4750-a23d-4f7fccda6493

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/de...=09b77b2a-a4fd-46e2-af15-2385790c9ee7

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 SP1:
http://www.microsoft.com/downloads/de...=09b77b2a-a4fd-46e2-af15-2385790c9ee7

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:
http://www.microsoft.com/downloads/de...=31c88513-29df-475b-b9ae-a2f5c1f32a8c

Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/de...=6183a9d2-89f5-4b25-be8b-090c6e050740

Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML Core Services 5.0 SP1:
http://www.microsoft.com/downloads/de...=8A37C111-D8E9-4C2E-9674-169B3331491C

Microsoft XML Core Services 4.0 on Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=961f3c95-ec4e-4561-ab27-b3180e9139c5

Microsoft XML Core Services 4.0 on Microsoft Windows XP SP1 and Microsoft Windows XP SP2:
http://www.microsoft.com/downloads/de...=961f3c95-ec4e-4561-ab27-b3180e9139c5

Microsoft XML Core Services 4.0 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1:
http://www.microsoft.com/downloads/de...=961f3c95-ec4e-4561-ab27-b3180e9139c5

Microsoft XML Core Services 6.0 on Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=fd513435-fa6d-407c-bedc-5fd03e5b7d6c

Microsoft XML Core Services 6.0 on Microsoft Windows XP SP1 and Microsoft Windows XP SP2:
http://www.microsoft.com/downloads/de...=fd513435-fa6d-407c-bedc-5fd03e5b7d6c

Microsoft XML Core Services 6.0 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1:
http://www.microsoft.com/downloads/de...=fd513435-fa6d-407c-bedc-5fd03e5b7d6c

Provided and/or discovered by:
Reported by the vendor.

Changelog:
2006-10-11: Added link to US-CERT.
2006-10-13: Added link to US-CERT.
2006-10-24: Microsoft has re-released the security update for Windows 2000 SP4 where the previous update did not correctly set the kill bit for Microsoft XML Parser 2.6.

Original Advisory:
MS06-061 (KB924191):
http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx

Other References:
US-CERT VU#703936:
http://www.kb.cert.org/vuls/id/703936

US-CERT VU#562788:
http://www.kb.cert.org/vuls/id/562788



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

2 Related Secunia Security Advisories

1. Microsoft XML Core Services "substringData()" Integer Overflow
2. Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability


Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.








Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Do you think it's important to read Setup/User Guides for applications for use within your network?


See Results   


Most Popular Advisories

1.
Honeyd "test.sh" Insecure Temporary Files
2.
HP-UX update for Apache
3.
OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability
4.
Tiger "genmsgidx" Insecure Temporary Files
5.
Red Hat Directory Server Multiple Vulnerabilities
6.
JustSystems Ichitaro Products Unspecified Code Execution Vulnerability
7.
phpBB BBcode Script Insertion Vulnerability
8.
Ampache "gather-message s.sh" Insecure Temporary Files
9.
Red Hat update for tomcat
10.
Red Hat update for adminutil





Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia