Oval Definition:oval:org.mitre.oval:def:16429
Revision Date:2014-08-18Version:52
Title:MSXML Integer Truncation Vulnerability - MS13-002
Description:Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2013-0006
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Expression Web
Microsoft Groove Server 2007
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Compatibility Pack
Microsoft SharePoint Server 2007
Microsoft Word Viewer
Microsoft XML Core Services 3.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 6.0
Definition Synopsis
  • Check for XML 5.0 fix
  • Check for vulnerable application
  • Microsoft Office 2003 SP3 is installed
  • OR Microsoft Office 2007 SP2 is installed
  • OR Microsoft Office 2007 SP3 is installed
  • OR Microsoft Office SharePoint Server 2007 SP2 is installed
  • OR Microsoft Office SharePoint Server 2007 SP3 is installed
  • OR Microsoft Expression Web SP1 is installed
  • OR Microsoft Expression Web 2 is installed
  • OR Microsoft Office Compatibility Pack SP2 is installed
  • OR Microsoft Office Compatibility Pack SP3 is installed
  • OR Microsoft Word Viewer is installed
  • OR Microsoft Groove Server 2007 Service Pack 2 is installed
  • OR Microsoft Groove Server 2007 Service Pack 3 is installed
  • AND Microsoft XML Core Services 5 is installed
  • AND Check if the version of msxml5.dll is less than 5.20.1099.0
  • OR win 8/server 2012/version
  • either os
  • Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND msxml 3.0/6.0
  • msxml 3.0/version
  • Microsoft XML Core Services 3 is installed
  • AND GDR/LDR
  • Check if the version of msxml3.dll is less than 8.110.9200.16447
  • OR msxml 6.0/version
  • Microsoft XML Core Services 6 is installed
  • AND GDR.LDR
  • Check if the version of msxml6.dll is less than 6.30.9200.16447
  • OR win 7/server 2008 R2/version
  • either os
  • Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND vulnerable versions
  • msxml 3.0/version
  • Microsoft XML Core Services 3 is installed
  • AND GDR/LDR
  • Check if the version of msxml3.dll is less than 8.110.7600.17157
  • OR msxml 6.0/version
  • Microsoft XML Core Services 6 is installed
  • AND GDR/LDR
  • Check if the version of msxml6.dll is less than 6.30.7600.17157
  • OR win 7/server 2008 R2/version
  • either os
  • Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • AND msxml 3.0/6.0/version
  • msxml 3.0/version
  • Microsoft XML Core Services 3 is installed
  • AND GDR/LDR
  • Check if the version of msxml3.dll is less than 8.110.7601.17988
  • OR msxml 6.0/version
  • Microsoft XML Core Services 6 is installed
  • AND GDR/LDR
  • Check if the version of msxml6.dll is less than 6.30.7601.17988
  • OR Vista /Server 2008 64 bit/versions
  • either os
  • Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND msxml 3.0/6.0
  • msxml 3.0/version
  • Microsoft XML Core Services 3 is installed
  • AND Check if the version of msxml3.dll is less than 8.100.5006.0
  • OR msxml 6.0/version
  • Microsoft XML Core Services 6 is installed
  • AND Check if the version of msxml6.dll is less than 6.20.5006.0
  • OR win xp/server 2003 64 bit/version
  • either os
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND msxml 3.0/6.0/version
  • msxml 3.0/version
  • Microsoft XML Core Services 3 is installed
  • AND Check if version of Msxml3.dll is less than 8.100.1053.0
  • OR msxml 6.0/version
  • Microsoft XML Core Services 6 is installed
  • AND Check if the version of msxml6.dll is less than 6.20.2016.0
    • BACK