Microsoft XML Core Services vulnerabilities could allow remote code execution
Report ID: MS201301002
Date Published: 10 January 2013
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft XML Core Services 3.0
Microsoft XML Core Services 4.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 6.0
Summary
Two vulnerabilities that involve Microsoft XML Core Services could be exploited into allowing an attacker to execute code on a compromised system.
Detailed Description
Microsoft has issued a security update for Microsoft XML Core Services (MSXML) following the discovery of two vulnerabilities that arise when parsing XML content. Each vulnerability may lead to a memory corruption condition, and possibly allow an attacker to execute code and take control of a compromised system.
Both vulnerabilities have been resolved through the latest update where necessary modification have been made to the way that MSXML parses XML content. Users are recommended to install this update to protect their system from potential exploit attempts.
CVE Reference
CVE-2013-0006, CVE-2013-0007
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-002)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
