Signature Detail

HTTP: Microsoft XML Core Services Dangerous CLSID

This signature detects Web pages containing dangerous ActiveX calls. A malicious Web site can exploit a known vulnerability in Microsoft's XML Core Services and cause arbitrary code execution.

Extended Description

Microsoft XML Core Services is prone to an information-disclosure vulnerability. This vulnerability is caused by an error in how the affected component handles server redirects. An attacker can exploit this vulnerability by enticing a victim user into visiting a malicious web page.

Affected Products

• Avaya modular_messaging_(mas) 3.0.0
• Hp storage_management_appliance 2.1
• Microsoft office_2003
• Microsoft sql_server_2000_client 8.0 SP3
• Microsoft sql_server_2005 SP1
• Microsoft windows_2000_advanced_server SP4
• Microsoft windows_2000_datacenter_server SP4
• Microsoft windows_2000_professional SP4
• Microsoft windows_2000_server SP4
• Microsoft xml_core_services 3.0
• Microsoft xml_core_services 3.0 SP4
• Microsoft xml_core_services 3.0 SP5
• Microsoft xml_core_services 3.0 SP7
• Microsoft xml_core_services 4.0
• Microsoft xml_core_services 5.0 SP1

References

• BugTraq: 20339
• CVE: CVE-2006-4685
• URL: http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx
• URL: http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx