Lucene search

K
seebugRootSSV:60562
HistoryJan 09, 2013 - 12:00 a.m.

Microsoft XML Core Services整数截断漏洞(MS13-002)

2013-01-0900:00:00
Root
www.seebug.org
19

0.953 High

EPSS

Percentile

99.4%

CVE(CAN) ID: CVE-2013-0006

Microsoft Windows是微软公司推出的一系列操作系统。

Microsoft XML Core Services在解析XML内容时存在整数溢出错误,可被利用远程执行任意代码。
0
Microsoft Office 2007
Microsoft Office Office 2003 Professional Edi
Microsoft Office 2003 Student and Teacher Edi
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Small Business Edition
Microsoft XML Core Services 6.x
Microsoft XML Core Services 5.x
Microsoft XML Core Services 4.x
Microsoft XML Core Services 3.x
Microsoft SharePoint Server 2007
Microsoft Office Word Viewer
Microsoft Expression Web 2.x
Microsoft Expression Web 1.x
临时解决方法:

如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:

  • 限制访问msxml3.dll
  • 限制访问msxml6.dll
  • 将互联网和内联网安全区域设置为“高”,阻止ActiveX控制和活动脚本
  • 将信任的站点添加到IE受信任站点区域
  • 阻止在IE内运行MSXML 5.0 ActiveX控件

厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(ms13-002)以及相应补丁:

ms13-002:Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)

链接:http://www.microsoft.com/technet/security/bulletin/ms13-002.mspx

补丁下载:http://support.microsoft.com/ph/6527