TITLE:
Microsoft XML Core Services Memory Corruption Vulnerability

SECUNIA ADVISORY ID:
SA26447

VERIFY ADVISORY:
http://secunia.com/advisories/26447/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Office 2007
http://secunia.com/product/13228/
Microsoft XML Core Services 3.x
http://secunia.com/product/12262/
Microsoft XML Core Services (MSXML) 4.x
http://secunia.com/product/6472/
Microsoft Office SharePoint Server 2007
http://secunia.com/product/13227/
Microsoft Office Groove Server 2007
http://secunia.com/product/15303/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/product/2278/
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Core XML Services (MSXML) 6.x
http://secunia.com/product/6473/

DESCRIPTION:
A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an input validation error when handling certain script requests. This can be exploited to cause memory corruption, for example when a user visits a malicious website.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft XML Core Services 3.0 for Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=245214ea-76f9-4755-8a14-a74232e20c1c

Microsoft XML Core Services 4.0 for Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 6.0 for Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 3.0 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=dea6a48f-fb00-43f3-a374-3220f9759c2d

Microsoft XML Core Services 3.0 for Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=b8862ca9-1203-4056-a257-29271838ac0d

Microsoft XML Core Services 4.0 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 4.0 for Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 6.0 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 6.0 for Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 3.0 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=12618ad0-aefd-4c9a-a769-4b14a7603d6e

Microsoft XML Core Services 3.0 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=61bf00a9-aeea-431a-86d3-526a4a373bb7

Microsoft XML Core Services 3.0 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=b0285dd7-bf66-4226-9948-26e8aae99046

Microsoft XML Core Services 4.0 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 4.0 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 4.0 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 6.0 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 6.0 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 6.0 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 3.0 for Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c734d7de-5d87-4904-81c3-714db2cb8b0d

Microsoft XML Core Services 3.0 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0a465d77-a737-4d26-82a1-570f9c788a8a

Microsoft XML Core Services 4.0 for Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 4.0 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 6.0 for Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=14270529-3ae5-43bf-a471-722ab010d81e

Microsoft XML Core Services 6.0 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=928da3d2-b0b9-447a-b37a-4350497fe563

Microsoft XML Core Services 5.0 in Microsoft Office 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A339CB7B-E08A-47F8-AC0B-DF449191424A

Microsoft XML Core Services 5.0 in 2007 Microsoft Office System:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7A97478A-832C-4A6B-B074-0E18B1E4ED33

Microsoft XML Core Services 5.0 in Microsoft Office SharePoint Server:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E875613B-2F32-4F28-A635-664A25C95C18

Microsoft XML Core Services 5.0 in Microsoft Office Groove Server 2007:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E875613B-2F32-4F28-A635-664A25C95C18

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
* An anonymous researcher, reported via iDefense Labs
* An anonymous researcher, reported via ZDI

ORIGINAL ADVISORY:
MS07-042 (KB936227):
http://www.microsoft.com/technet/security/Bulletin/MS07-042.mspx