Secunia Advisory SA51773

Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Release Date: 2013-01-08
Last Update: 2013-01-09
Popularity: 8,709 views
Comments: 13 comments

Criticality level: Highly critical
Impact: System access
Where: From remote
Authentication level: available to Secunia VIM customers
Report reliability: available to Secunia VIM customers
Solution Status: Vendor Patch
Systems affected: available to Secunia VIM customers
Approve distribution: available to Secunia VIM customers

Software:
Microsoft Expression Web 1.x
Microsoft Expression Web 2.x
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2003 Web Components
Microsoft Office 2007
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Word Viewer
Microsoft SharePoint Server 2007
Microsoft XML Core Services (MSXML) 3.x
Microsoft XML Core Services (MSXML) 4.x
Microsoft XML Core Services (MSXML) 5.x
Microsoft XML Core Services (MSXML) 6.x

Secunia CVSS Score: available to Secunia VIM customers
CVE Reference(s): CVE-2013-0006, CVE-2013-0007 (CVSS scores available to Secunia VIM customers)

Description

Two vulnerabilities have been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system.

1) An integer truncation error when parsing XML content can be exploited to corrupt memory.

2) An unspecified error when parsing XSLT content can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.


Solution
Apply updates.
Further details available to Secunia VIM customers

Provided and/or discovered by
1) Reported by the vendor.
2) The vendor credits Nicolas Gregoire, Agarri via iDefense Labs.

Changelog
Further details available to Secunia VIM customers

Original Advisory
MS13-002 (KB2756145, KB2758694, KB2757638, KB2758696, KB2760574, KB2687499, KB2687497):
http://technet.microsoft.com/en-us/security/bulletin/ms13-002

Alternate/detailed remediation
Further details available in Customer Area

Deep Links
Links available to Secunia VIM customers


Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

CSGalloway RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Member 31st Jan, 2013 22:03
Score: 3
Posts: 22
User Since: 12th Sep 2008
System Score: 97%
Location: Raleigh, US
Last edited on 31st Jan, 2013 22:03
I have done Windows Update and it does not say I need to update XML anything. Please advise, as I think this is a Secunia problem.
Maurice Joyce RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Handling Contributor 31st Jan, 2013 22:37
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
Last edited on 31st Jan, 2013 23:12
Close inspection shows that the Advisory has a date stamp of 9 January.

As far as I can see, having followed the disclosure trail, it was fixed by Microsoft Update in the 8th January monthly update cycle. KB2758694 in your installed updates refers if using Windows 7.

EDIT:
The Microsoft Tech Bulletin is here; it covers all the update KBs for the various OSes.

http://technet.microsoft.com/en-us/security/bullet...



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
jgnetworksecurity RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Member 15th Feb, 2013 03:45
Score: 0
Posts: 2
User Since: 11th Jun 2012
System Score: N/A
Location: US
Last edited on 15th Feb, 2013 03:45
I am having this same problem on Win8 Pro. I have applied all Windows updates and all of a sudden it is asking me to download the MSXML4 SP3 parser, which is an old file. It shows the offending file is C:\Windows\SysWow64\msxml4.dll. I have already applied January's updates as well as February's updates. I want to report this to Secunia since I remember this false positive happening with XML before, 6 months ago and about 2 years ago. I cannot check my other computers because this is my only Win8 Pro machine and the only one with PSI 3.

--
JGNetworkSecurity
Maurice Joyce RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Handling Contributor 15th Feb, 2013 10:39
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
Secunia are reporting correctly if you have not got MSXML 4.3.2117.0 installed. I have revised the post I wrote some time ago when this issue first appeared on how to update to that version.

MSXML ISSUES

The release notes for MSXML 4 are here:
http://download.microsoft.com/download/A/2/D/A2D85...

Please note this SP was released before Windows 7 & 8 were produced, therefore there is no mention of compatibility or support once installed. It works flawlessly with Windows 7 on both 32 & 64 Bit systems. I have NOT tested it on my Windows 8 PC because I have no old legacy programmes that require it to be installed.

Firstly, it is important to note the VERSION NUMBER currently installed which PSI gives in the vulnerability report because there are three possible solutions.

Solution 1
If PSI gives a version number starting 4.2 or 4.1 that indicates that the very old MSXML 4 SP2 or even older SP1 is installed which must be MANUALLY upgraded to MSXML 4 SP3 as follows:

Click this link
http://www.microsoft.com/en-us/download/details.as...

Once open, activate the clearly marked download link called MSXML.MSI - 2.3 MB.

Once installed run Windows Update - there are some additional patches for MSXML 4 SP3.

On completion, after a full PSI rescan, PSI will show MSXML 4 as secure with version 4.30.2117.0.


Solution 2
If PSI reveals the path to be 4.3 that almost certainly indicates that the latest Windows Update patch is not installed correctly. Run a Windows Update scan - if that reveals nothing try a manual update using this link:

http://www.microsoft.com/en-us/download/details.as...

Solution 3

If MSXML 4 SP3 BETA is installed, ensure it is fully removed prior to using Solution 1 (see the Release Notes referred to above).

After any full PSI rescan the Scan Result Page should show this for MSXML:

https://akkkug.bn1.livefilestore.com/y1pA8VEBrQiDZ...

Revised 09:11 15/02/2013

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
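A host-side check for the triage Maurice describes above (which MSXML 4 build is present and whether his Solution 1 or Solution 2 applies), written as an added example; it is not from the post or from Secunia, and it assumes the 4.30.2117.0 build quoted in the post is the patched MSXML 4 SP3 level.

```powershell
# Added example, not from the advisory or the forum post above.
# Reports the msxml4.dll version(s) on this host and maps each to the
# post's Solution 1 / Solution 2, using the fixed build 4.30.2117.0
# quoted there. Assumption: that build is the current MSXML 4 SP3 level.

$Target = [Version]'4.30.2117.0'
# 64-bit Windows keeps the 64-bit DLL in System32 and the 32-bit one in SysWOW64.
$Dirs   = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

function Get-MsxmlStatus {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return $null }

    # Use the numeric version parts rather than the FileVersion string,
    # which on some Microsoft binaries carries a trailing build tag.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $v  = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

    # PSI reports e.g. 4.20.9876.0 (SP2) or 4.30.2117.0 (patched SP3);
    # the post's "4.1 / 4.2 / 4.3" prefixes correspond to Minor = 10 / 20 / 30.
    $action = if ($v -ge $Target) {
        'OK: at or above the SP3 patch level'
    } elseif ($v.Major -eq 4 -and $v.Minor -ge 30) {
        'Solution 2: SP3 present but patch missing; run Windows Update or apply the SP3 update manually'
    } elseif ($v.Major -eq 4) {
        'Solution 1: SP1/SP2 build; install MSXML 4 SP3 (MSXML.MSI), then run Windows Update'
    } else {
        'Not MSXML 4; outside the scope of this check'
    }

    [PSCustomObject]@{ Path = $Path; Version = $v; Action = $action }
}

$Dirs |
    ForEach-Object { Get-MsxmlStatus -Path (Join-Path $_ 'msxml4.dll') } |
    Where-Object { $_ } |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell prompt on the machine PSI flagged; an empty table means no msxml4.dll is present in either system directory.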
ParzivalRM RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Member 10th Mar, 2013 07:20
Score: 12
Posts: 34
User Since: 15th May 2010
System Score: N/A
Location: AU
Last edited on 10th Mar, 2013 07:20
Thanks, Maurice, for this careful posting. A fortnight ago I unfortunately had to put my daughter's Toshiba Satellite A200 notebook back to factory settings, which meant Vista without any service packs!!! Together with exhaustive use of "Control Panel --> Windows Update" beforehand, in between, and afterwards, I installed Vista SP1 and Vista SP2 by downloading Microsoft's "5-language standalone" installers. I thought that all was well until I installed Secunia, which reports that my only security problem is
* Microsoft XML Core Services (MSXML), Detected Version 4.20.9876.0

From your last posting above, the appropriate way to go thus seems to be your "Solution 1". But when I click on the link that you give within "Solution 1", Microsoft tells me that the "System Requirements" for "MSXML 4.0 Service Pack 3 (Microsoft XML Core Services)" include Vista and Vista SP1, but makes no mention at all of "Vista SP2".

I now have Vista SP2 installed on this notebook --- at least that's what "Control Panel --> System" says is there --- so does that rule out your "Solution 1"?

(By the way, running Windows Update, rebooting, and rescanning with Secunia haven't changed anything.)
Maurice Joyce RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Handling Contributor 10th Mar, 2013 09:35
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
No - Solution 1 should work given the MSXML version you currently have installed.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
ParzivalRM RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Member 14th Mar, 2013 08:36
Score: 12
Posts: 34
User Since: 15th May 2010
System Score: N/A
Location: AU
Last edited on 14th Mar, 2013 08:36
I finally stole some time on the said computer. I followed your "Solution 1", then I ran Windows Update until it had no more updates, then I ran a Secunia scan, and I was rewarded with a 100% score. Thanks very much for your help.
Maurice Joyce RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Handling Contributor 14th Mar, 2013 09:47
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
@ParzivalRM

Pleased to see you are all fixed up.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
roncri RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
New Member 27th Apr, 2013 01:38
Score: 0
Posts: 1
User Since: 27th Apr 2013
System Score: N/A
Location: US
Last edited on 27th Apr, 2013 01:38
Any idea why this should be happening with Windows 8 64 bit?
ramaccount RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
New Member 27th Apr, 2013 03:55
Score: 0
Posts: 2
User Since: 27th Apr 2013
System Score: N/A
Location: US
Last edited on 27th Apr, 2013 03:55
I had the same problem as the user who posted originally, on my Windows 8 64 bit system.
I followed Maurice Joyce's instructions, found I had version 4.2, and applied Solution 1 which is to download an MSI and update manually.
Ran Windows update, it updated some MSXML file, and gave me an all clear.

Now PSI says I have MSXML versions 3, 3 (64 bit), 4, 4 (64 bit), 6 and 6 (64 bit)!
Trying to update through PSI sends me to the Windows Update panel, and that panel shows no updates to apply!

Help?
Maurice Joyce RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Handling Contributor 27th Apr, 2013 07:37
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
You should have versions 3, 4 & 6.

Try a reboot & then a full PSI scan - what result do you get then?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
ramaccount RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
New Member 27th Apr, 2013 17:48
Score: 0
Posts: 2
User Since: 27th Apr 2013
System Score: N/A
Location: US
Last edited on 27th Apr, 2013 17:48
Maurice, it's all clear and I got to 100%!
Thanks for your help!
Maurice Joyce RE: Microsoft XML Core Services Integer Truncation and XSLT Parsing Vulnerabilities
Handling Contributor 4th May, 2013 17:11
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
@roncri

I have just noticed I missed your question. You have loaded a programme onto Windows 8 that is reliant on the old MSXML 4 to function.

There is no reason why MSXML 4 should not work & if it remains showing as vulnerable it should be updated as a matter of urgency.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM

© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144