Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft XML Core Services vulnerabilities could allow remote code execution


Report ID: MS201301002
Date Published: 10 January 2013

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft XML Core Services 3.0
Microsoft XML Core Services 4.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 6.0




Summary

Two vulnerabilities that involve Microsoft XML Core Services could be exploited into allowing an attacker to execute code on a compromised system.



Detailed Description

Microsoft has issued a security update for Microsoft XML Core Services (MSXML) following the discovery of two vulnerabilities that arise when parsing XML content. Each vulnerability may lead to a memory corruption condition, and possibly allow an attacker to execute code and take control of a compromised system.

Both vulnerabilities have been resolved through the latest update where necessary modification have been made to the way that MSXML parses XML content. Users are recommended to install this update to protect their system from potential exploit attempts.



CVE Reference

CVE-2013-0006, CVE-2013-0007



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-002)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.