HOME > VULNERABILITY NOTES


   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-99
Microsoft XML Core Services vulnerabilities

Original Issue Date: October 11, 2006

Severity Rating: High

System Affected

  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Windows 2000 Service Pack 4
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 1
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 2
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Professional x64 Edition
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 Service Pack 1
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML Core Services 5.0 Service Pack 1

Overview

Two vulnerabilities have been reported in Microsoft XML Core Services. An attacker who successfully exploited these vulnerabilities could gain unauthorized information and take complete control of an affected system, incase user of the vulnerable system has logged on with administrative privileges.

Description

The details of the vulnerabilities are given below:

Microsoft XML Core Services Vulnerability - CVE-2006-4685 :

This vulnerability exists in Microsoft XML Core Services that could allow for information disclosure because the XMLHTTP ActiveX control incorrectly interprets an HTTP server-side redirect. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could
potentially lead to information disclosure if a user visited that page or clicked a link in a specially crafted e-mail message.

XSLT Buffer Overrun Vulnerability - CVE-2006-4686 :

This vulnerability exists in XSLT processing that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a malicious Web page that could allow remote code execution if a user visited that page. The user having fever user rights on the affected system are less affected by this vulnerability than the users having administrative rights.

Workarounds

  • Do not visit untrusted websites
  • Disable ActiveX Control

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-061

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx

Refrences

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx

FrSirt
http://www.frsirt.com/english/advisories/2006/3980

Secunia
http://secunia.com/advisories/22333/

CVE Name
CVE-2006-4685
CVE-2006-4686

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003