Date: 11 October 2006
References: AU-2006.0039 ESB-2006.0779 AL-2006.0104
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
A U S C E R T A L E R T
AL-2006.0092 -- AUSCERT ALERT
[Win]
Microsoft Security Bulletin MS06-061: Vulnerabilities in Microsoft XML Core
Services Could Allow Remote Code Execution
11 October 2006
===========================================================================
AusCERT Alert Summary
---------------------
Product: Microsoft XML Parser 2.6
Microsoft XML Core Services 3.0
Microsoft XML Core Services 4.0
Microsoft XML Core Services 6.0
Operating System: Windows
Impact: Execute Arbitrary Code/Commands
Access Confidential Data
Access: Remote/Unauthenticated
CVE Names: CVE-2006-4685 CVE-2006-4686
Original Bulletin:
http://www.microsoft.com/technet/security/Bulletin/ms06-061.mspx
Comment: The vulnerabilities described below would allow an attacker to craft a
malicious web page to install malware. Administrators are advised to
patch this vulnerability as quickly as possible as such
vulnerabilities are often quickly adapted as a means of distributing
malicious software.
- --------------------------BEGIN INCLUDED TEXT--------------------
MS06-061 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote
Code Execution (924191)
Affected software:
- Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
(all versions) on Windows 2000 Service Pack 4
- Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
(all versions) on Microsoft Windows XP Service Pack 1
- Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
(all versions) on Microsoft Windows XP Service Pack 2
- Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
(all versions) on Microsoft Windows XP Professional x64 Edition
- Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
(all versions) on Microsoft Windows Server 2003
- Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
(all versions) on Microsoft Windows Server 2003 Service Pack 1
- Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
(all versions) on Microsoft Windows Server 2003 for Itanium-based Systems
and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
(all versions) on Microsoft Windows Server 2003 x64 Edition
- Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML
Core Services 5.0 Service Pack 1
Affected components:
- Microsoft XML Core Services 4.0 when installed on Windows 2000 Service Pack
4
- Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP
Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server
2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft XML Core Services 6.0 when installed on Windows 2000 Service
Pack 4
- Microsoft XML Core Services 6.0 when installed on Microsoft Windows XP
Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft XML Core Services 6.0 when installed on Microsoft Windows Server
2003 and Microsoft Windows Server 2003 Service Pack 1
Non-affected components:
- Windows 2000 Service Pack 4 running Microsoft XML Core Services 2.5
- Microsoft Windows XP Service Pack 1 running Microsoft XML Core Services 2.5
- Microsoft Windows XP Service Pack 2 running Microsoft XML Core Services 2.5
- Microsoft Windows Server 2003 running Microsoft XML Core Services 2.5
- Microsoft Windows Server 2003 Service Pack 1 running Microsoft XML Core
Services 2.5
- From Microsoft Security Bulletin MS06-061:
Vulnerability details:
Microsoft XML Core Services Vulnerability - CVE-2006-4685:
A vulnerability exists in Microsoft XML Core Services that could allow for
information disclosure because the XMLHTTP ActiveX control incorrectly
interprets an HTTP server-side redirect. An attacker could exploit the
vulnerability by constructing a specially crafted Web page that could
potentially lead to information disclosure if a user visited that page or
clicked a link in a specially crafted e-mail message. An attacker who
successfully exploited this vulnerability could access content from another
domain retrieved using the credentials of the user browsing the Web at the
client. In addition, compromised Web sites and Web sites that accept or host
user-provided content or advertisements could contain specially crafted
content that could exploit this vulnerability. However, user interaction is
required to exploit this vulnerability.
XSLT Buffer Overrun Vulnerability - CVE-2006-4686:
A vulnerability exists in XSLT processing that could allow remote code
execution on an affected system. An attacker could exploit the vulnerability
by constructing a malicious Web page that could potentially allow remote code
execution if a user visited that page. An attacker who successfully exploited
this vulnerability could take complete control of an affected system.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRSxt7yh9+71yA2DNAQIzWwP/eNulGdQufqso8ESqLyezL5gudkuoFLaI
vLjr5fSuBMwQysT9Kq7Kb6q5GcwV4YehW0PmybvJtsI9Df6XCYt/cFTpo1dB895k
D0iwK/Lh2xDhvZcNSGpZlR37+T7/dLWSKTG0kLMDcJsmmb3TKyF+hnq7cZaxaaf0
ukWI90RsSCc=
=hDsO
-----END PGP SIGNATURE-----
|