Article ID: 328995 - Last Review: December 10, 2003 - Revision: 3.1

INFO: List of Issues Fixed in MSXML 3.0 Service Pack 3 (Part 1)

View products that this article applies to.

This article was previously published under Q328995

SUMMARY

This article is part 1 of 2 articles that document the bugs that are fixed in MSXML 3.0 Service Pack 3 (SP3).

The following bugs have been fixed in MSXML 3.0 SP3:

Internet Explorer Stops Responding When Opening a Corrupted XML Document
Error Occurs When You Load an XML Document in an IFRAME in Internet Explorer
ADO Objects in XSL Script Allows Cross Domain Access
Access Violation Occurs When You Call sp_xml_preparedocument with sp_xmlparse
Security Issue in MSXML Error Handling
ServerXMLHTTP Stops Responding when You Send POST Requests to a Remote HTTP Server

Back to the top

Internet Explorer stops responding when you try to open a corrupted or truncated XML document. The chances that this may occur are very low. This behavior occurs when the XML data that is accessed through a network socket is corrupted or truncated.

Error Occurs When You Load an XML Document in an IFRAME in Internet Explorer

When you try to load an XML document in an IFRAME where the XML document has a reference to an XSL style sheet, you receive the following error message:

NOTE: This error only occurs when scripting ActiveX Object(s) in in-line script blocks in the XSLT style sheet.

Microsoft JScript runtime error Automation server cannot create object line = 4, col = 2 (line is offset from the start of the script block). Error returned from property or method call.

For example, the code in the in-line loadXML() script function in the following style sheet causes this error:

<xsl:stylesheet xmlns:xsl="http://www.w3.org/TR/WD-xsl">

<xsl:script xmlns:xsl="http://www.w3.org/TR/WD-xsl">
	function loadXML()
	{
		Dom = new ActiveXObject("Microsoft.XMLDOM");
		return "Hello There";
	}
</xsl:script>

	<xsl:template match="/">
	<HTML><HEAD><TITLE>Test</TITLE></HEAD><BODY><xsl:eval>loadXML()</xsl:eval></BODY></HTML>

	</xsl:template>
</xsl:stylesheet>

ADO Objects in XSL Script Allows Cross Domain Access

Scripting ActiveX Data Objects (ADO) in in-line XSLT style sheet script functions allows cross domain access to databases. This was identified as a security hole because it implies that an XSLT style sheet developer can write ADO code in in-line script functions to access data sources across domains. You cannot do this in MSXML 3.0 SP3

Access Violation Occurs When You Call sp_xml_preparedocument with sp_xmlparse

An access violation occurs when you call sp_xml_preparedocument with sp_xmlparse.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

314125 (http://support.microsoft.com/kb/314125/EN-US/ ) FIX: AV When You Call MSXML 2.6 Parser from a Stored Procedure

The fix that is described in this article is included in MSXML 3.0 SP3.

Security Issue in MSXML Error Handling

Script code that is provided as a query string parameter when you use a URL to access an XML document is executed when the data in the document is malformed. For applications such as Outlook Web Access (OWA) that require authentication, the script executes in the context of the authenticated user. The script then obtains the credentials of the authenticated user in the server namespace. This problem has been fixed in MSXML 3.0 SP3.

ServerXMLHTTP Stops Responding when You Send POST Requests to a Remote HTTP Server

ServerXMLHTTP stops responding when you send POST requests to a remote HTTP server when the server does not return the required "Connection:Close" or "Connection:Keep-alive" headers. When the configured or default timeout expires. the server returns an 80004005 error.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

305053 (http://support.microsoft.com/kb/305053/EN-US/ ) ServerXMLHTTP Stops Responding When You Send a POST Request

The fix that is specified in this article is included in MSXML 3.0 SP3

Back to the top