Test ID:	1.3.6.1.4.1.25623.1.0.900058
Category:	Windows : Microsoft Bulletins
Title:	Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS08-069.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS08-069. Vulnerability Insight: The flaws are due to: - a memory corruption error when parsing malformed XML content. - the way MSXML handles error checks for external document type definitions (DTDs). - an error in the way MSXML handles transfer-encoding headers. Vulnerability Impact: Successful exploitation could allow attacker to conduct cross domain scripting attacks and read data from another domain in IE and also execute arbitrary code by tricking a user into visiting a malicious web page. Affected Software/OS: - Microsoft XML Core Services 3.0/4.0/5.0/6.0 - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Office 2003 & 2007 - Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0099 BugTraq ID: 21872 http://www.securityfocus.com/bid/21872 Bugtraq: 20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) (Google Search) http://www.securityfocus.com/archive/1/455965/100/0/threaded Bugtraq: 20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) (Google Search) http://www.securityfocus.com/archive/1/455986/100/0/threaded Bugtraq: 20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) (Google Search) http://www.securityfocus.com/archive/1/456343/100/0/threaded Cert/CC Advisory: TA08-316A http://www.us-cert.gov/cas/techalerts/TA08-316A.html http://seclists.org/fulldisclosure/2007/Jan/0110.html http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html HPdes Security Advisory: HPSBST02386 http://marc.info/?l=bugtraq&m=122703006921213&w=2 HPdes Security Advisory: SSRT080164 http://isc.sans.org/diary.php?storyid=2004 Microsoft Security Bulletin: MS08-069 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 http://osvdb.org/32627 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793 http://securitytracker.com/id?1021164 http://secunia.com/advisories/23655 http://www.vupen.com/english/advisories/2008/3111 Common Vulnerability Exposure (CVE) ID: CVE-2008-4029 BugTraq ID: 32155 http://www.securityfocus.com/bid/32155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5999 Common Vulnerability Exposure (CVE) ID: CVE-2008-4033 BugTraq ID: 32204 http://www.securityfocus.com/bid/32204 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.