navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft xml Core Services (MSXML) x4

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft XML Core Services (MSXML) 4.x

This thread has been marked as resolved.
julio991 Microsoft xml Core Services (MSXML) x4
Member 4th Dec, 2010 19:49
Ranking: 1
Posts: 23
User Since: 7th Mar, 2010
System Score: N/A
Location: CA
Last edited on 4th Dec, 2010 19:49

I just downloaded Secunia PSI on this new Acer laptop x64 Windows 7 Home Premium. When I bought this laptop a month ago it came with a free NTI Media Maker 8 sortware program on it that I think is outdated or maybe just a lure to buy the new upgrade. The reason I think that this is so is the only vulnerability that shows is:Microsoft xml Core Services (MSXML0X4, this is the vulnerability or the insecure program. The installation path shows as C:\Program Files (X86)\ NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll. What PSI says is that normally I could update with Windows Update, but that doesn't work, so I'm at a loss as to what I need to do to get rid of this vulnerability. It's not a bad little program,(NTI), But I'm not paying the money to upgrade besides the vulnerability seems to be the msxml 4 so I'm kind of at a loss what needs to happen here. Hopefully you all can give me some insight here.

Post "RE: Microsoft xml Core Services (MSXML) x4" has been selected as an answer.
mogs RE: Microsoft xml Core Services (MSXML) x4
Expert Contributor 4th Dec, 2010 20:31
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
There seems to be an update available from here :-
http://www.nticorp.com/en/us/support/oem_acer_sw.a...

Had you already tried it ?
Hope it helps........regards,

--
Was this reply relevant?
+1
-0
mogs RE: Microsoft xml Core Services (MSXML) x4
Expert Contributor 4th Dec, 2010 21:18
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
julio991.

I should have mentioned....made you aware of the fact earlier....that this section of the forum (Vulnerabilities) is reserved for notification regarding advisories, and subsequent "discussion" specifically related to. In the future, could you please use the other sections available. Thankyou....regards,

--
Was this reply relevant?
+0
-1
julio991 RE: Microsoft xml Core Services (MSXML) x4
Member 4th Dec, 2010 21:28
Score: 1
Posts: 23
User Since: 7th Mar 2010
System Score: N/A
Location: CA
Last edited on 4th Dec, 2010 21:31
Got excited there for a second. Went with the link you provided and the program updated ok to .6637, but the msxml4.dll stayed the same and so did the insecurity. It's funny that the MSXML that is installed on my computer is newer than the one that is in the installation path of this program. Boy, this can get confusing. It shows that the msxml4.dll has an install date of 07. That is the one associated to the NTI Media Maker 8. It almost feels as though I would either have to upgrade to Media Maker 9 or just un-install the program altogether to get rid of the insecurity.
Now, where do I install any new thread if I don't use the vulnerability for help? This is in reply to your second post. Would I post something like this in PSI or Programs or Open Discussion? I still need help with the first problem, so should this be moved or is it OK for now? Like I said, confusing sometimes.
Was this reply relevant?
+0
-0
mogs RE: Microsoft xml Core Services (MSXML) x4
Expert Contributor 4th Dec, 2010 22:07
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
I think that because the msxml is part of the original NTI prog...Secunia point to NTI to resolve it. I thought there may have been a chance the NTI update might have resolved it. I noticed when searching earlier...the other option is to go to NTI 9...that costs, I seem to remember.....whether that resolves the insecurity shown in the 8, I havn't yet looked into. I havn't found anything in Secunia advisories yet.
You can start a thread in Programs/Open Discussions/PSI....OR psi 2.0Beta , if using it.....hopefully this will be okay for now. Users and helpers have been penalized in the past.

--
Was this reply relevant?
+1
-0
mogs RE: Microsoft xml Core Services (MSXML) x4
Expert Contributor 4th Dec, 2010 22:09
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Just thought......since carrying out that update to NTI....have you tried rebooting(?)...very often that will cause it to register.


--
Was this reply relevant?
+0
-0
mogs RE: Microsoft xml Core Services (MSXML) x4
Expert Contributor 4th Dec, 2010 22:14
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 4th Dec, 2010 22:16
These are the software items in the Secunia database :-


NewTech Infosystems is currently associated with 4 pieces of software and operating systems in the Secunia database.

Choose a product below and view a full report about Secunia advisories affecting it.


Software
- NTI Backup Now 5.x
- NTI CD&DVD-Maker 7.x
- NTI Media Maker 8 1.x
- NTI Shadow 3.x
http://secunia.com/advisories/vendor/2177/




--
Was this reply relevant?
+0
-0
julio991 RE: Microsoft xml Core Services (MSXML) x4
Member 4th Dec, 2010 22:39
Score: 1
Posts: 23
User Since: 7th Mar 2010
System Score: N/A
Location: CA
I did as you suggested as far as the reports go and there's nothing to be found. I'm going to create a restore point and then uninstall this and if that works, which it probably will, so be it. Why they(Acer) would put an out of date piece of software on their product that you can't update is beyond me. W/O buying it I mean. I would bet the Upgrade NTI Media Maker 9 would be OK, but they want 80.00 for it.
Was this reply relevant?
+0
-0
mogs RE: Microsoft xml Core Services (MSXML) x4
Expert Contributor 4th Dec, 2010 22:46
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
There are no vulnerabilities showing for the product here :-
http://secunia.com/advisories/product/27527/

Copy below :-

If you have information about a new or an existing vulnerability in NTI Media Maker 8 1.x then you are more than welcome to contact us.

Vendor, Links, and Unpatched Vulnerabilities

Vendor NewTech Infosystems

Product Link N/A

Affected By 0 Secunia advisories
0 Vulnerabilities

Monitor Product Receive alerts for this product

Unpatched 0% (0 of 0 Secunia advisories)

Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..

--
Was this reply relevant?
+1
-0
Anthony Wells RE: Microsoft xml Core Services (MSXML) x4
Expert Contributor 4th Dec, 2010 22:48
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi Julio ,

Here is a work around "at your own risk from an old thread :-

http://secunia.com/community/forum/thread/show/245...

Maybe it will give you an idea of what to do .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
mogs RE: Microsoft xml Core Services (MSXML) x4
Expert Contributor 4th Dec, 2010 22:49
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
There's an upgrade for $39.99 here :-
http://www.nticdmaker.com/en/us/product/media_make...

--
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft xml Core Services (MSXML) x4
Dedicated Contributor 4th Dec, 2010 23:10
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
The previous article that Anthony referred you too does not relate to a 64bit system, so you would have to modify the procedure appropriately.

The NTI program is 32bit so you would have to make sure you find 32bit versions of the MSXML 4.0 dlls - msxml4.dll and msxml4r.dll - probably in the C:\Windows\SysWOW64 folder.

You could try moving the MSXML dll's out of the NTI folder and seeing whether the program still works by finding the system copies.

I'm unable to test any of this so I can't guarantee the outcome.

It's unlikely that this amounts to much of a security vulnerability in this location, unless something is specifically targetting the NTI program.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft xml Core Services (MSXML) x4
Expert Contributor 4th Dec, 2010 23:17
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Thanks for your timely (hopefully) corrections , ddm .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
julio991 RE: Microsoft xml Core Services (MSXML) x4
Member 4th Dec, 2010 23:19
Score: 1
Posts: 23
User Since: 7th Mar 2010
System Score: N/A
Location: CA
The system copies I have are msxml6.dll. The same with the little r dll. I was going to try and replace those into the NTI MM8 folder. What do you think? Either that or just hide it. Like you said someone would have to target that piece of software on my machine, right?
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft xml Core Services (MSXML) x4
Expert Contributor 4th Dec, 2010 23:44
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Icould not say if x.6 would work or not , but the versions are not interchangeable and are not updates of previous branches .

Here is the list of all versions of MSXML :-

http://support.microsoft.com/kb/269238

and here is the x.4 SP3 mentioned in the other thread (see the instructions there) :-

http://www.microsoft.com/downloads/en/details.aspx...

or you could ignore it ; but only if you are not confident in changing the files around .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Maurice Joyce RE: Microsoft xml Core Services (MSXML) x4
Handling Contributor 4th Dec, 2010 23:47
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 4th Dec, 2010 23:48
Julio,
What is the version number of MSXML4 that is embedded in the programme?

MSXML6 is not a replacement for MSXML4 as U will note below.

WINDOWS MSXML DETAILS

This gives an overview of MSXML & a fix for MSXML 4 problems.

MSXML 6.0.
+++++++++
MSXML6 is the latest MSXML product from Microsoft, and along with MSXML3 is shipped with Microsoft SQL Server 2005, Visual Studio 2005, .NET Framework 3.0, Windows Vista, Windows 7 and Windows XP Service Pack 3. It also has support for native 64-bit environments. It is an upgrade but not replacement for versions 3 and 4 as they still provide legacy features not supported in version 6. Version 6, 4, and 3 may all be installed and running concurrently. MSXML 6 is not supported on Windows 9x. Windows XP SP3 includes MSXML 6.0 SP2.

MSXML 5.0
+++++++++
MSXML5 is a binary developed specifically for Microsoft Office. It originally shipped with Office 2003 and also ships with Office 2007. Microsoft has not released documentation for this version as they consider it an internal/integrated component.

MSXML 4.0
+++++++++
MSXML4 was shipped as an independent, downloadable SDK targeted at Independent Software Vendors and third parties. It is an upgrade for but not a replacement to MSXML3 as version 3 still provides legacy features. Versions 4 and 3 may be run concurrently.

MSXML 4.0 SP3 is the most recent version released in March 2009, SP2 support expired in April 2010.

The download link is here:
http://www.microsoft.com/downloads/en/details.aspx...

PLEASE READ THE RELEASE NOTES - A download link to read them is on the same site.

If U do require to update your current MSXML4 Secunia picks it up as secure with version 4.30.2107.0 provided U have downloaded the additional patch via MS Update.

MSXML 3.0
+++++++++
MSXML3 is a current MSXML product, represented by msxml3.dll. MSXML 3.0 SP2 first shipped with Windows XP, Internet Explorer 6.0 and MDAC 2.7. Windows XP SP2 includes MSXML 3.0 SP5 as part of MDAC 2.81. Windows 2000 SP4 also ships with MSXML 3.0. By default, Internet Explorer version 6.0, 7.0 and 8.0 use MSXML 3 to parse XML documents loaded in a window. MSXML 3.0 SP7 is the last supported version for Windows 9x. Windows XP SP3 includes MSXML 3.0 SP9. Windows Vista includes MSXML 3.0 SP10 & Windows 7 has MSXML 3 SP11

Update 3 22:36 04/09/2010



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
julio991 RE: Microsoft xml Core Services (MSXML) x4
Member 5th Dec, 2010 14:36
Score: 1
Posts: 23
User Since: 7th Mar 2010
System Score: N/A
Location: CA
I did download that MS Patch which did nothing to discourage the msxml4.dll that was in the installation path of Media Maker 8. That is where the insecurity was. I'm running a x64 computer but the insecurity lied in the install path of Program Files(X86). The full path was something like C:\Program Files\New Tech Info Systems\Media Maker 8\msxml4.dll. That is where the insecurity lied. I installed the patch from MS to update the msxml4 to sp3, but it didn't fix the insecurity. I went to the install path of the program and renamed the msxml4.dll to _old and rebooted. Tried the program and there seemed to be no difference. Does that make sense to you?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft xml Core Services (MSXML) x4
Handling Contributor 5th Dec, 2010 14:39
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Yes it does. After a full rescan with PSI please confirm U now have no vulnerabilities.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
julio991 RE: Microsoft xml Core Services (MSXML) x4
Member 5th Dec, 2010 14:45
Score: 1
Posts: 23
User Since: 7th Mar 2010
System Score: N/A
Location: CA
I don't. That is what i was trying to say. I changed it and immediately got a pop-up that said there were no vulnerabilities or that everything was patched, something to that effect. Re-booted, re-scanned and tried the program. I was surprised that the program still worked more than anything.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft xml Core Services (MSXML) x4
Handling Contributor 5th Dec, 2010 15:28
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Julio

It is maybe now riding on the back of the standalone updated MSXML4 that U have installed (which in my view it should have being doing in the first instance).

If U are now happy could U please lock (Accept) the thread & the other one U have open on this topic. This will prevent us both from receiving update emails from "tag on" posts.

If U find at a later date that the programme is not functioning as it should open a new thread & refer to this one. We can easily plant the updated file in with the one U have renamed OLD.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+