Oval Definition:	oval:org.mitre.oval:def:29009
Revision Date: 2015-06-22 Version: 45 Title: MSXML3 same origin policy SFB vulnerability - CVE-2015-1646 (MS15-039) Description: Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-1646 Platform(s): Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Product(s): Microsoft XML Core Services 3.0 Definition Synopsis Server 2003 vulnerable version Server (2003 - x86/x64/ia64) Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 for Itanium is installed AND Microsoft XML Core Services 3 is installed AND Check if the version of msxml3.dll is less than 8.100.1057.0 OR Vista/ 2K8 and vulnerable file version Vista /2K8 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft XML Core Services 3 is installed AND Check if the version of msxml3.dll is less than 8.100.5010.0 OR Win 7 / R2 and vulnerable version Win 7 / R2 Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft XML Core Services 3 is installed AND Check for vulnerable versions Check if the version of msxml3.dll is less than 8.110.7601.18782 OR Check for LDR Check if version of Msxml3.dll is greater than or equal to 8.110.7601.22000 AND Check if the version of msxml3.dll is less than 8.110.7601.22986
BACK