Microsoft XML Core Services Uninitialised Object Vulnerability
RISK: Extremely High Risk
TYPE: Operating Systems - Windows OS
A vulnerability has been identified in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error when attempting to access an object in memory that has not been initialised.
Successful exploitation allows execution of arbitrary code by e.g. tricking a user into viewing a malicious web page in Internet Explorer.
NOTE: The vulnerability is reportedly being actively exploited. Vendor patch is not available.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Office 2003 Professional Edition
- Microsoft Office 2003 Small Business Edition
- Microsoft Office 2003 Standard Edition
- Microsoft Office 2003 Student and Teacher Edition
- Microsoft Office 2007
- Microsoft XML Core Services (MSXML) 3.x
- Microsoft XML Core Services (MSXML) 4.x
- Microsoft XML Core Services (MSXML) 5.x
- Microsoft XML Core Services (MSXML) 6.x
Solutions
- Note: Vendor patch is not available.
- Workaround: Apply Microsoft Fix it solution.
http://support.microsoft.com/kb/2719615
Vulnerability Identifier
Source
Related Link
Share with