Test Kennung:	1.3.6.1.4.1.25623.1.0.900058
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS08-069.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS08-069. Vulnerability Insight: The flaws are due to: - a memory corruption error when parsing malformed XML content. - the way MSXML handles error checks for external document type definitions (DTDs). - an error in the way MSXML handles transfer-encoding headers. Vulnerability Impact: Successful exploitation could allow attacker to conduct cross domain scripting attacks and read data from another domain in IE and also execute arbitrary code by tricking a user into visiting a malicious web page. Affected Software/OS: - Microsoft XML Core Services 3.0/4.0/5.0/6.0 - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Office 2003 & 2007 - Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 21872 BugTraq ID: 32204 Common Vulnerability Exposure (CVE) ID: CVE-2007-0099 http://www.securityfocus.com/bid/21872 Bugtraq: 20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) (Google Search) http://www.securityfocus.com/archive/1/455965/100/0/threaded Bugtraq: 20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) (Google Search) http://www.securityfocus.com/archive/1/455986/100/0/threaded Bugtraq: 20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) (Google Search) http://www.securityfocus.com/archive/1/456343/100/0/threaded Cert/CC Advisory: TA08-316A http://www.us-cert.gov/cas/techalerts/TA08-316A.html http://seclists.org/fulldisclosure/2007/Jan/0110.html http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html HPdes Security Advisory: HPSBST02386 http://marc.info/?l=bugtraq&m=122703006921213&w=2 HPdes Security Advisory: SSRT080164 http://isc.sans.org/diary.php?storyid=2004 Microsoft Security Bulletin: MS08-069 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 http://osvdb.org/32627 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793 http://securitytracker.com/id?1021164 http://secunia.com/advisories/23655 http://www.vupen.com/english/advisories/2008/3111 Common Vulnerability Exposure (CVE) ID: CVE-2008-4029 BugTraq ID: 32155 http://www.securityfocus.com/bid/32155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5999 Common Vulnerability Exposure (CVE) ID: CVE-2008-4033 http://www.securityfocus.com/bid/32204 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847
Copyright	Copyright (C) 2008 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.