Secunia

Multiple vulnerabilities have been reported in Microsoft XML Core Services, which can be exploited by malicious people to gain knowledge of sensitive information or potentially compromise a user's system.

1) A race condition when parsing XML content can be exploited to corrupt memory by reloading specially crafted XML files with nested tags in multiple iframes.

Successful exploitation may allow execution of arbitrary code by e.g. tricking a user into visiting a malicious website.

NOTE: This vulnerability only affects systems with Microsoft XML Core Services 3.0 installed.

2) An error in the handling of error checks for external document type definitions (DTDs) can be exploited to violate the cross-domain policy and read contents from another domain when a user e.g. visits a malicious website or views a specially crafted HTML e-mail.

NOTE: This vulnerability only affects systems with Microsoft XML Core Services 3.0 or Microsoft XML Core Services 4.0 installed.

3) An error in the handling of transfer-encoding headers can be exploited to violate the cross-domain policy and read contents from another domain when a user e.g. visits a malicious website or views a specially crafted HTML e-mail.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1) Michal Zalewski
2) The vendor credits Gregory Fleischer.
3) The vendor credits Stefano Di Paola, Minded Security.

Changelog
Further details available in Customer Area

Original Advisory
MS08-069 (KB955218):
http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx

Michal Zalewski:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051616.html

Deep Links
Links available in Customer Area