Article ID: 918456 - Last Review: July 6, 2007 - Revision: 1.1

FIX: You may experience security-related problems when you use MSXML components in Windows CE 5.0

View products that this article applies to.

On This Page

Expand all | Collapse all

SYMPTOMS

When you use Microsoft XML (MSXML) components in Microsoft Windows CE 5.0, you may experience the following security-related problems:
  • A cross-site scripting vulnerability may occur.
  • An MSXML component may enter an infinite loop.
  • MSXML may crash.
Back to the top

RESOLUTION

Software update information

A supported software update is now available from Microsoft as Windows CE 5.0 Platform Builder Monthly Update (November 2006). You can confirm this by scrolling to the "File information" section of this article. The package file name contains the product version, date, Knowledge Base article number, and processor type. The package file name format is:
Product version-yymmdd-kbnnnnnn-processor type
For example: Wincepb50-060503-kb917590-armv4i.msi is the ARMV4i Windows CE 5.0 Platform Builder fix that is documented in KB article 917590 and that is contained in the May 2006 monthly update. To resolve this problem immediately, click the following article number for information about obtaining Windows CE Platform Builder and core operating system software updates:
837392  (http://support.microsoft.com/kb/837392/ ) How to locate core operating system fixes for Microsoft Windows CE Platform Builder products

Prerequisites

This software update is supported only if all previously issued software updates for this product are also applied.

Restart requirement

After you apply this software update, you must perform a clean build of the whole platform. To clean the platform, click Clean on the Build menu. To build the platform, click Build Platform on the Build menu. You do not have to restart the computer after you apply this software update.

Software update replacement information

This software update does not replace any other software updates.

File information

The English version of this package has the file attributes (or later file attributes) that are listed in the following table.
Collapse this tableExpand this table
File nameFile sizeDateTime
Wincepb50-061130-kb918456-armv4i.msi15,719,42430-Nov-200620:52
Wincepb50-061130-kb918456-mipsii.msi15,500,28830-Nov-200620:52
Wincepb50-061130-kb918456-mipsii_fp.msi15,512,57630-Nov-200620:52
Wincepb50-061130-kb918456-mipsiv.msi15,698,43230-Nov-200620:52
Wincepb50-061130-kb918456-mipsiv_fp.msi15,703,04030-Nov-200620:52
Wincepb50-061130-kb918456-sh4.msi14,916,60830-Nov-200620:52
Wincepb50-061130-kb918456-x86.msi12,264,44830-Nov-200620:52
The English version of this software update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Collapse this tableExpand this table
File nameFile sizeDateTimePath
Xmldom.lib9,023,79816-Nov-200601:50public\ie\oak\lib\armv4i\debug
Xmlhttp.lib263,31016-Nov-200601:50public\ie\oak\lib\armv4i\debug
Xmlislands.lib839,87416-Nov-200601:50public\ie\oak\lib\armv4i\debug
Xmlmime.lib1,270,53416-Nov-200601:50public\ie\oak\lib\armv4i\debug
Xmlminisax.lib3,895,41416-Nov-200601:50public\ie\oak\lib\armv4i\debug
Xmlnetfull.lib199,09016-Nov-200601:47public\ie\oak\lib\armv4i\debug
Xmlnetmini.lib106,29216-Nov-200601:47public\ie\oak\lib\armv4i\debug
Xmlsax.lib2,602,11616-Nov-200601:48public\ie\oak\lib\armv4i\debug
Xmlstubs.lib152,87416-Nov-200601:50public\ie\oak\lib\armv4i\debug
Xmlxql.lib4,716,30016-Nov-200601:50public\ie\oak\lib\armv4i\debug
Xmlxslt.lib4,523,05216-Nov-200601:50public\ie\oak\lib\armv4i\debug
Xmldom.lib8,765,04816-Nov-200601:46public\ie\oak\lib\armv4i\retail
Xmlhttp.lib242,06016-Nov-200601:46public\ie\oak\lib\armv4i\retail
Xmlislands.lib817,61616-Nov-200601:46public\ie\oak\lib\armv4i\retail
Xmlmime.lib1,254,90616-Nov-200601:46public\ie\oak\lib\armv4i\retail
Xmlminisax.lib3,830,63416-Nov-200601:46public\ie\oak\lib\armv4i\retail
Xmlnetfull.lib192,95016-Nov-200601:43public\ie\oak\lib\armv4i\retail
Xmlnetmini.lib102,59216-Nov-200601:43public\ie\oak\lib\armv4i\retail
Xmlsax.lib2,503,78616-Nov-200601:45public\ie\oak\lib\armv4i\retail
Xmlstubs.lib159,82616-Nov-200601:46public\ie\oak\lib\armv4i\retail
Xmlxql.lib4,603,57016-Nov-200601:46public\ie\oak\lib\armv4i\retail
Xmlxslt.lib4,371,35816-Nov-200601:46public\ie\oak\lib\armv4i\retail
Xmldom.lib9,176,55216-Nov-200601:58public\ie\oak\lib\mipsii\debug
Xmlhttp.lib261,81816-Nov-200601:57public\ie\oak\lib\mipsii\debug
Xmlislands.lib861,34816-Nov-200601:58public\ie\oak\lib\mipsii\debug
Xmlmime.lib1,307,69616-Nov-200601:57public\ie\oak\lib\mipsii\debug
Xmlminisax.lib3,927,87416-Nov-200601:58public\ie\oak\lib\mipsii\debug
Xmlnetfull.lib203,27616-Nov-200601:55public\ie\oak\lib\mipsii\debug
Xmlnetmini.lib109,04816-Nov-200601:55public\ie\oak\lib\mipsii\debug
Xmlsax.lib2,646,82616-Nov-200601:56public\ie\oak\lib\mipsii\debug
Xmlstubs.lib159,19616-Nov-200601:57public\ie\oak\lib\mipsii\debug
Xmlxql.lib4,845,93616-Nov-200601:58public\ie\oak\lib\mipsii\debug
Xmlxslt.lib4,623,13616-Nov-200601:58public\ie\oak\lib\mipsii\debug
Xmldom.lib8,468,70216-Nov-200601:54public\ie\oak\lib\mipsii\retail
Xmlhttp.lib245,50416-Nov-200601:54public\ie\oak\lib\mipsii\retail
Xmlislands.lib789,27816-Nov-200601:54public\ie\oak\lib\mipsii\retail
Xmlmime.lib1,146,63216-Nov-200601:54public\ie\oak\lib\mipsii\retail
Xmlminisax.lib3,688,00016-Nov-200601:54public\ie\oak\lib\mipsii\retail
Xmlnetfull.lib186,37016-Nov-200601:51public\ie\oak\lib\mipsii\retail
Xmlnetmini.lib101,27616-Nov-200601:51public\ie\oak\lib\mipsii\retail
Xmlsax.lib2,468,30816-Nov-200601:52public\ie\oak\lib\mipsii\retail
Xmlstubs.lib135,68416-Nov-200601:54public\ie\oak\lib\mipsii\retail
Xmlxql.lib4,281,39216-Nov-200601:54public\ie\oak\lib\mipsii\retail
Xmlxslt.lib4,085,65416-Nov-200601:54public\ie\oak\lib\mipsii\retail
Xmldom.lib9,179,39616-Nov-200602:05public\ie\oak\lib\mipsii_fp\debug
Xmlhttp.lib261,83016-Nov-200602:05public\ie\oak\lib\mipsii_fp\debug
Xmlislands.lib861,47416-Nov-200602:05public\ie\oak\lib\mipsii_fp\debug
Xmlmime.lib1,307,81216-Nov-200602:05public\ie\oak\lib\mipsii_fp\debug
Xmlminisax.lib3,930,12816-Nov-200602:05public\ie\oak\lib\mipsii_fp\debug
Xmlnetfull.lib203,31416-Nov-200602:03public\ie\oak\lib\mipsii_fp\debug
Xmlnetmini.lib109,07416-Nov-200602:03public\ie\oak\lib\mipsii_fp\debug
Xmlsax.lib2,647,16416-Nov-200602:03public\ie\oak\lib\mipsii_fp\debug
Xmlstubs.lib159,35216-Nov-200602:05public\ie\oak\lib\mipsii_fp\debug
Xmlxql.lib4,845,94416-Nov-200602:05public\ie\oak\lib\mipsii_fp\debug
Xmlxslt.lib4,624,51416-Nov-200602:05public\ie\oak\lib\mipsii_fp\debug
Xmldom.lib8,473,32216-Nov-200602:02public\ie\oak\lib\mipsii_fp\retail
Xmlhttp.lib245,51816-Nov-200602:01public\ie\oak\lib\mipsii_fp\retail
Xmlislands.lib789,40616-Nov-200602:02public\ie\oak\lib\mipsii_fp\retail
Xmlmime.lib1,146,75016-Nov-200602:01public\ie\oak\lib\mipsii_fp\retail
Xmlminisax.lib3,692,16816-Nov-200602:02public\ie\oak\lib\mipsii_fp\retail
Xmlnetfull.lib186,41016-Nov-200601:59public\ie\oak\lib\mipsii_fp\retail
Xmlnetmini.lib101,30216-Nov-200601:59public\ie\oak\lib\mipsii_fp\retail
Xmlsax.lib2,468,64616-Nov-200602:00public\ie\oak\lib\mipsii_fp\retail
Xmlstubs.lib135,84016-Nov-200602:01public\ie\oak\lib\mipsii_fp\retail
Xmlxql.lib4,280,83216-Nov-200602:02public\ie\oak\lib\mipsii_fp\retail
Xmlxslt.lib4,087,15616-Nov-200602:02public\ie\oak\lib\mipsii_fp\retail
Xmldom.lib9,281,75016-Nov-200602:13public\ie\oak\lib\mipsiv\debug
Xmlhttp.lib264,92216-Nov-200602:12public\ie\oak\lib\mipsiv\debug
Xmlislands.lib869,78416-Nov-200602:13public\ie\oak\lib\mipsiv\debug
Xmlmime.lib1,321,48016-Nov-200602:13public\ie\oak\lib\mipsiv\debug
Xmlminisax.lib3,972,74616-Nov-200602:13public\ie\oak\lib\mipsiv\debug
Xmlnetfull.lib205,92016-Nov-200602:10public\ie\oak\lib\mipsiv\debug
Xmlnetmini.lib110,51216-Nov-200602:10public\ie\oak\lib\mipsiv\debug
Xmlsax.lib2,674,87016-Nov-200602:11public\ie\oak\lib\mipsiv\debug
Xmlstubs.lib160,38016-Nov-200602:13public\ie\oak\lib\mipsiv\debug
Xmlxql.lib4,888,37016-Nov-200602:13public\ie\oak\lib\mipsiv\debug
Xmlxslt.lib4,664,75016-Nov-200602:13public\ie\oak\lib\mipsiv\debug
Xmldom.lib8,504,34016-Nov-200602:09public\ie\oak\lib\mipsiv\retail
Xmlhttp.lib245,96816-Nov-200602:09public\ie\oak\lib\mipsiv\retail
Xmlislands.lib790,80816-Nov-200602:09public\ie\oak\lib\mipsiv\retail
X mlmime.lib1,149,79416-Nov-200602:09public\ie\oak\lib\mipsiv\retail
Xmlminisax.lib3,702,69216-Nov-200602:09public\ie\oak\lib\mipsiv\retail
Xmlnetfull.lib187,01616-Nov-200602:06public\ie\oak\lib\mipsiv\retail
Xmlnetmini.lib101,53416-Nov-200602:06public\ie\oak\lib\mipsiv\retail
Xmlsax.lib2,472,39616-Nov-200602:07public\ie\oak\lib\mipsiv\retail
Xmlstubs.lib135,88016-Nov-200602:09public\ie\oak\lib\mipsiv\retail
Xmlxql.lib4,288,82216-Nov-200602:09public\ie\oak\lib\mipsiv\retail
Xmlxslt.lib4,095,76416-Nov-200602:09public\ie\oak\lib\mipsiv\retail
Xmldom.lib9,282,08816-Nov-200602:21public\ie\oak\lib\mipsiv_fp\debug
Xmlhttp.lib264,93416-Nov-200602:20public\ie\oak\lib\mipsiv_fp\debug
Xmlislands.lib869,91016-Nov-200602:21public\ie\oak\lib\mipsiv_fp\debug
Xmlmime.lib1,321,59616-Nov-200602:20public\ie\oak\lib\mipsiv_fp\debug
Xmlminisax.lib3,972,72016-Nov-200602:21public\ie\oak\lib\mipsiv_fp\debug
Xmlnetfull.lib205,95816-Nov-200602:18public\ie\oak\lib\mipsiv_fp\debug
Xmlnetmini.lib110,53816-Nov-200602:18public\ie\oak\lib\mipsiv_fp\debug
Xmlsax.lib2,675,20816-Nov-200602:19public\ie\oak\lib\mipsiv_fp\debug
Xmlstubs.lib160,52816-Nov-200602:20public\ie\oak\lib\mipsiv_fp\debug
Xmlxql.lib4,887,54616-Nov-200602:21public\ie\oak\lib\mipsiv_fp\debug
Xmlxslt.lib4,665,44416-Nov-200602:21public\ie\oak\lib\mipsiv_fp\debug
Xmldom.lib8,504,90016-Nov-200602:17public\ie\oak\lib\mipsiv_fp\retail
Xmlhttp.lib245,98216-Nov-200602:17public\ie\oak\lib\mipsiv_fp\retail
Xmlislands.lib790,93616-Nov-200602:17public\ie\oak\lib\mipsiv_fp\retail
Xmlmime.lib1,149,91216-Nov-200602:17public\ie\oak\lib\mipsiv_fp\retail
Xmlminisax.lib3,702,79416-Nov-200602:17public\ie\oak\lib\mipsiv_fp\retail
Xmlnetfull.lib187,05616-Nov-200602:14public\ie\oak\lib\mipsiv_fp\retail
Xmlnetmini.lib101,56016-Nov-200602:14public\ie\oak\lib\mipsiv_fp\retail
Xmlsax.lib2,472,73416-Nov-200602:15public\ie\oak\lib\mipsiv_fp\retail
Xmlstubs.lib136,03616-Nov-200602:17public\ie\oak\lib\mipsiv_fp\retail
Xmlxql.lib4,287,16016-Nov-200602:17public\ie\oak\lib\mipsiv_fp\retail
Xmlxslt.lib4,096,48816-Nov-200602:17public\ie\oak\lib\mipsiv_fp\retail
Xmldom.lib8,467,35016-Nov-200601:42public\ie\oak\lib\sh4\debug
Xmlhttp.lib239,85816-Nov-200601:42public\ie\oak\lib\sh4\debug
Xmlislands.lib799,92416-Nov-200601:42public\ie\oak\lib\sh4\debug
Xmlmime.lib1,191,50816-Nov-200601:42public\ie\oak\lib\sh4\debug
Xmlminisax.lib3,606,42016-Nov-200601:42public\ie\oak\lib\sh4\debug
Xmlnetfull.lib185,82616-Nov-200601:40public\ie\oak\lib\sh4\debug
Xmlnetmini.lib98,98216-Nov-200601:40public\ie\oak\lib\sh4\debug
Xmlsax.lib2,456,65416-Nov-200601:41public\ie\oak\lib\sh4\debug
Xmlstubs.lib146,59816-Nov-200601:42public\ie\oak\lib\sh4\debug
Xmlxql.lib4,479,82616-Nov-200601:42public\ie\oak\lib\sh4\debug
Xmlxslt.lib4,286,73016-Nov-200601:42public\ie\oak\lib\sh4\debug
Xmldom.lib7,825,79416-Nov-200601:39public\ie\oak\lib\sh4\retail
Xmlhttp.lib223,03016-Nov-200601:38public\ie\oak\lib\sh4\retail
Xmlislands.lib727,26616-Nov-200601:39public\ie\oak\lib\sh4\retail
Xmlmime.lib1,058,07616-Nov-200601:39public\ie\oak\lib\sh4\retail
Xmlminisax.lib3,398,69216-Nov-200601:39public\ie\oak\lib\sh4\retail
Xmlnetfull.lib171,44816-Nov-200601:36public\ie\oak\lib\sh4\retail
Xmlnetmini.lib93,10416-Nov-200601:36public\ie\oak\lib\sh4\retail
Xmlsax.lib2,267,02816-Nov-200601:37public\ie\oak\lib\sh4\retail
Xmlstubs.lib128,03816-Nov-200601:39public\ie\oak\lib\sh4\retail
Xmlxql.lib3,964,09216-Nov-200601:39public\ie\oak\lib\sh4\retail
Xmlxslt.lib3,807,28616-Nov-200601:39public\ie\oak\lib\sh4\retail
Xmldom.lib6,917,52616-Nov-200601:35public\ie\oak\lib\x86\debug
Xmlhttp.lib198,27216-Nov-200601:35public\ie\oak\lib\x86\debug
Xmlislands.lib635,04416-Nov-200601:35public\ie\oak\lib\x86\debug
Xmlmime.lib981,85616-Nov-200601:35public\ie\oak\lib\x86\debug
Xmlminisax.lib2,969,20216-Nov-200601:35public\ie\oak\lib\x86\debug
Xmlnetfull.lib150,13016-Nov-200601:33public\ie\oak\lib\x86\debug
Xmlnetmini.lib80,15016-Nov-200601:33public\ie\oak\lib\x86\debug
Xmlsax.lib2,011,33216-Nov-200601:33public\ie\oak\lib\x86\debug
Xmlstubs.lib120,76016-Nov-200601:35public\ie\oak\lib\x86\debug
Xmlxql.lib3,519,98016-Nov-200601:35public\ie\oak\lib\x86\debug
Xmlxslt.lib3,403,47216-Nov-200601:35public\ie\oak\lib\x86\debug
Xmldom.lib7,360,68816-Nov-200601:32public\ie\oak\lib\x86\retail
Xmlhttp.lib203,68416-Nov-200601:31public\ie\oak\lib\x86\retail
Xmlislands.lib683,31616-Nov-200601:32public\ie\oak\lib\x86\retail
Xmlmime.lib1,079,05416-Nov-200601:32public\ie\oak\lib\x86\retail
Xmlminisax.lib3,269,01016-Nov-200601:32public\ie\oak\lib\x86\retail
Xmlnetfull.lib168,83816-Nov-200601:29public\ie\oak\lib\x86\retail
Xmlnetmini.lib90,24616-Nov-200601:29public\ie\oak\lib\x86\retail
Xmlsax.lib2,088,63216-Nov-200601:30public\ie\oak\lib\x86\retail
Xmlstubs.lib134,32416-Nov-200601:32public\ie\oak\lib\x86\retail
Xmlxql.lib3,659,62816-Nov-200601:32public\ie\oak\lib\x86\retail
Xmlxslt.lib3,610,21616-Nov-200601:32public\ie\oak\lib\x86\retail
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top

MORE INFORMATION

This Windows CE 5.0 software update resolves several security-related problems in MSXML components. These fixes were converted from the desktop Windows version of the MSXML code to the Windows CE 5.0 version.
Back to the top

REFERENCES

For more information about an MSXML security-related update for Windows CE .NET 4.2, click the following article number to view the article in the Microsoft Knowledge Base:
916644  (http://support.microsoft.com/kb/916644/ ) FIX: Update for several MSXML security issues in Windows CE .NET 4.2
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684  (http://support.microsoft.com/kb/824684/ ) Description of the standard terminology that is used to describe Microsoft software updates
Back to the top
APPLIES TO
  • Microsoft Windows CE 5.0
Back to the top
Keywords: 
kbpubtypekc kbqfe kbfix kbbug KB918456
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers