Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows XML core services memory corruption
updated since 14.08.2007
Published:17.08.2007
Source:
SecurityVulns ID:8039
Type:library
Threat Level:
9/10
Description:Memory corruption on XML parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Office 2003
 MICROSOFT : Windows Vista
 MICROSOFT : Office 2007
CVE:CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.)
Original documentdocumentAlla Bezroutchko, [Full-disclosure] MS07-042 XMLDOM substringData() PoC (17.08.2007)
 documentIDEFENSE, [Full-disclosure] iDefense Security Advisory 08.14.07: Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability (15.08.2007)
 documentZDI, [Full-disclosure] ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability (15.08.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-042 - Critical Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) (14.08.2007)
Files:Microsoft Security Bulletin MS07-042 - Critical Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod