MS07-042: Description of the security update for Microsoft XML Core Services 6.0: August 14, 2007

ID KB933579
Type mskb
Reporter Microsoft
Modified 2018-04-17T20:27:59


<html><body><p>Resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page by using Internet Explorer. The vulnerability could be exploited through attacks in XML Core Services.</p><h2>INTRODUCTION</h2><div class="kb-summary-section section">Microsoft has released security bulletin MS07-042. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul class="sbody-free_list"><li>Home users:<div class="indent"><a href="" id="kb-link-1" target="_self"></a></div></li><li>IT professionals:<div class="indent"><a href="" id="kb-link-2" target="_self"></a></div></li></ul><h3 class="sbody-h3">Additional information about this security update</h3><ul class="sbody-free_list"><li>If you have multiple versions of Microsoft XML Core Services (MSXML) installed, you may have to apply multiple packages for this security update. Additionally, if you install a version of MSXML after you apply this security update, you may have to apply an additional package for this security update. <span>For more information about the different MSXML versions that are available or that are included with various Microsoft products or software updates, click the following article number to view the article in the Microsoft Knowledge Base:<br/><br/><div class="indent"><a href="" id="kb-link-3">269238 </a> List of Microsoft XML Parser (MSXML) versions<br/><br/></div></span></li><li>Security update package 933579 for MSXML 6.0 is a complete installation package. You can use this package to install MSXML 6.0 on a computer that has no earlier versions of MSXML 6.0 installed. You can also use this package to update an existing installation of MSXML 6.0.</li><li>Windows Update, Microsoft Update, and Microsoft Systems Management Server (SMS) 2003 Inventory Tool for Microsoft Updates only offer security update package 933579 if an earlier version of MSXML 6.0 is already installed on the computer.</li><li>This security update is installed in the %SystemRoot%\SYSTEM32 folder.</li><li>When you remove security update 933579 for MSXML 6.0, MSXML 6.0 is completely removed from the computer.</li><li>To apply this security update in quiet mode together with verbose logging and without restarting the computer, use a command-line command that resembles the following:<ul class="sbody-free_list"><li>For x86-based computers:<div class="indent"><span class="text-base">msxml6-KB933579-enu-x86.exe /q REBOOT=ReallySuppress /lv c:\KB933579.log</span></div></li><li>For IA-64-based computers:<div class="indent"><span class="text-base">msxml6-KB933579-enu-ia64.exe /q REBOOT=ReallySuppress /lv c:\KB933579.log</span></div></li><li>For AMD64-based computers:<span class="text-base"><div class="indent">msxml6-KB933579-enu-amd64.exe /q REBOOT=ReallySuppress /l*v c:\KB933579.log</div></span></li></ul>A detailed log of the installation process will be located in the file that you specify in the command. In this example, the file is C:\KB933579.log.</li></ul><span>For more information about the latest service pack for Windows Vista, click the following article number to view the article in the Microsoft Knowledge Base:<br/><div class="indent"><a href="" id="kb-link-4">935791 </a> How to obtain the latest Windows Vista service pack</div></span></div></body></html>