MS07-042: Vulnerability in Microsoft XML Core Services could allow remote code execution

<html><body><p>Resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page by using Internet Explorer. The vulnerability could be exploited through attacks in XML Core Services.</p><h2></h2><div><span>Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you’re running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: <a href=“http://windows.microsoft.com/en-us/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packs” target=“_self”>Support is ending for some versions of Windows</a></span>.</div><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS07-042. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:<br /><ul><li>Home users:<div><a href=“http://www.microsoft.com/protect/computer/updates/bulletins/200708.mspx” target=“_self”>http://www.microsoft.com/protect/computer/updates/bulletins/200708.mspx</a></div></li><li>IT professionals:<div><a href=“http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx” target=“_self”>http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx</a></div></li></ul></div><h2>More Information</h2><div><h3>Service pack information</h3>The problem that is addressed by this security update is now corrected in Microsoft Office 2003 Service Pack 3 (SP3).<br /><br /><br /><span>For more information about how to obtain the latest service pack for Microsoft Office 2003, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/870924”>870924 </a>How to obtain the latest service pack for Office 2003<br /></div></span><h3>Known issue with this security update</h3><span><div><a href=“https://support.microsoft.com/en-us/help/941833”>941833 </a> An update is available that improves the compatibility and the reliability of Microsoft XML Core Services 4.0 Service Pack 2 on a Windows Vista-based computer<br /></div></span><h3>Additional packages for this security update</h3>The security update packages for this release use the update that is associated with this Microsoft Knowledge Base article (936227) and the updates that are associated with the following Knowledge Base article numbers:<br /><span><div><a href=“https://support.microsoft.com/en-us/help/933579”>933579 </a> MS07-042: Description of the security update for Microsoft XML Core Services 6.0: August 14, 2007<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/936021”>936021 </a> MS07-042: Description of the security update for Microsoft XML Core Services 3.0: August 14, 2007<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/936181”>936181 </a> MS07-042: Description of the security update for Microsoft XML Core Services 4.0: August 14, 2007<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/936048”>936048 </a> MS07-042: Description of the security update for Office 2003: August 14, 2007<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/936960”>936960 </a> MS07-042: Description of the security update for the 2007 Microsoft Office system: August 14, 2007<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/936056”>936056 </a> MS07-042: Description of the security update for 2007 Microsoft Office system servers: August 14, 2007<br /><br /></div></span>The 936227 security update packages for this release set the “kill bit” on supported Microsoft Windows 2000 systems for the MSXML 2.6 CLSIDs that are listed in the following table.<br /><div><table><tr><th> GUID </th><th> Symbolic name </th></tr><tr><td> f5078f22-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_XMLDocument26 </td></tr><tr><td> f5078f1b-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_DOMDocument26 </td></tr><tr><td> f5078f1c-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_FreeThreadedDOMDocument26 </td></tr><tr><td> f5078f1d-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_XMLSchemaCache26 </td></tr><tr><td> f5078f1e-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_XMLHTTP26 </td></tr><tr><td> f5078f21-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_XSLTemplate26 </td></tr><tr><td> f5078f1f-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_DSOControl26 </td></tr><tr><td> f5078f20-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_XMLParser26 </td></tr><tr><td> f5078f28-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_Viewer26 </td></tr><tr><td> f5078f29-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_BufferedMoniker26 </td></tr><tr><td> f5078f26-c551-11d3-89b9-0000f81fe221 </td><td> CLSID_XSLPatternFactory26 </td></tr></table></div></div></body></html>