4 matches found
Microsoft XML Core Services Memory Corruption (MS07-042; CVE-2007-2223)
Microsoft Windows is shipped with an XML processing framework, named MSXML or Microsoft XML Core services. The framework is used by applications shipped with the operating system as well as third party applications. The most popular application using this framework is Internet Explorer, which can...
Microsoft XML Core Services SubstringData堆溢出漏洞(MS07-042)
BUGTRAQ ID: 25301 CVECAN ID: CVE-2007-2223 Microsoft Windows是微软发布的非常流行的操作系统。 Windows XML Core程序库在处理畸形畸形的调用时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制用户系统。 XML Core Services(也被称为MSXML)是Windows操作系统中所安装的用于处理XML文件的函数库。在使用该函数库时没有对XMLDOM对象substringData方式的长度参数执行正确的检查,如果提供了超长的长度值的话,就可能将数据拷贝到不充分的缓冲区,触发堆溢出,导致执行任意指令。 Microso...
[Full-disclosure] iDefense Security Advisory 08.14.07: Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability
Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability iDefense Security Advisory 08.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 14, 2007 I. BACKGROUND XML Core Services also known as MSXML is a library for processing XML files. It works with, and was original par...
CVE-2007-2223
Microsoft XML Core Services (MSXML) 3.0–6.0 contains a vulnerability in the substringData() method on TextNode/XMLDOM objects that leads to an integer overflow and a subsequent buffer overflow, enabling remote code execution when a user is enticed to view a malicious page. The issue affects MSXML...