Microsoft XML Core Services vulnerabilities could allow remote code execution
Report ID: MS201301002
Date Published: 10 January 2013
Compromise Type: remote-code-execution
Compromise From: remote
Microsoft XML Core Services 3.0
Microsoft XML Core Services 4.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 6.0
Two vulnerabilities that involve Microsoft XML Core Services could be exploited into allowing an attacker to execute code on a compromised system.
Microsoft has issued a security update for Microsoft XML Core Services (MSXML) following the discovery of two vulnerabilities that arise when parsing XML content. Each vulnerability may lead to a memory corruption condition, and possibly allow an attacker to execute code and take control of a compromised system.
Both vulnerabilities have been resolved through the latest update where necessary modification have been made to the way that MSXML parses XML content. Users are recommended to install this update to protect their system from potential exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-002)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.