Oval Definition:oval:org.mitre.oval:def:2069
Revision Date:2014-03-17Version:47
Title:Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Description:Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2007-2223
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft XML Core Services
Definition Synopsis
  • Windows OS
  • the installed operating system is part of the Microsoft Windows family
  • AND The version of Msxml3.dll is less than 8.90.1101.0.
  • OR Office 2003/2007 and SharePoint
  • Check for Office 2003\2007 and SharePoint Team Services
  • Microsoft Office 2003 is installed
  • OR Microsoft Office 2007 is installed
  • OR SharePoint Team Services are enabled (2K, XP, 2003)
  • AND The version of Msxml5.dll is less than 5.20.1081.0.
  • OR XML Core Services 4
  • Microsoft XML Core Services 4 is installed
  • AND The version of Msxml4.dll is less than 4.20.9848.0
  • OR XML Core Services 6
  • Microsoft XML Core Services 6 is installed
  • AND The version of Msxml6.dll is less than 6.10.1200.0.
    • BACK