Help and Support
 

powered byLive Search

MS07-042: Vulnerability in Microsoft XML Core Services could allow remote code execution

View products that this article applies to.
Article ID:936227
Last Review:October 22, 2007
Revision:2.7
On This Page

INTRODUCTION

Microsoft has released security bulletin MS07-042. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:
Home users:
http://www.microsoft.com/protect/computer/updates/bulletins/200708.mspx (http://www.microsoft.com/protect/computer/updates/bulletins/200708.mspx)
IT professionals:
http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx (http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx)

Back to the top

MORE INFORMATION

Service pack information

The problem that is addressed by this security update is now corrected in Microsoft Office 2003 Service Pack 3 (SP3).

For more information about how to obtain the latest service pack for Microsoft Office 2003, click the following article number to view the article in the Microsoft Knowledge Base:
870924 (http://support.microsoft.com/kb/870924/) How to obtain the latest service pack for Office 2003

Back to the top

Known issue with this security update

941833 (http://support.microsoft.com/kb/941833/) An update is available that improves the compatibility and the reliability of Microsoft XML Core Services 4.0 Service Pack 2 on a Windows Vista-based computer

Back to the top

Additional packages for this security update

The security update packages for this release use the update that is associated with this Microsoft Knowledge Base article (936227) and the updates that are associated with the following Knowledge Base article numbers:
933579 (http://support.microsoft.com/kb/933579/) Description of the security update for Microsoft XML Core Services 6.0: August 14, 2007
936021 (http://support.microsoft.com/kb/936021/) Description of the security update for Microsoft XML Core Services 3.0: August 14, 2007
936181 (http://support.microsoft.com/kb/936181/) Description of the security update for Microsoft XML Core Services 4.0: August 14, 2007
936048 (http://support.microsoft.com/kb/936048/) Description of the security update for Office 2003: August 14, 2007
936960 (http://support.microsoft.com/kb/936960/) Description of the security update for the 2007 Microsoft Office system: August 14, 2007
936056 (http://support.microsoft.com/kb/936056/) Description of the security update for 2007 Microsoft Office system servers: August 14, 2007
The 936227 security update packages for this release set the "kill bit" on supported Microsoft Windows 2000 systems for the MSXML 2.6 CLSIDs that are listed in the following table.
GUID Symbolic name
f5078f22-c551-11d3-89b9-0000f81fe221 CLSID_XMLDocument26
f5078f1b-c551-11d3-89b9-0000f81fe221 CLSID_DOMDocument26
f5078f1c-c551-11d3-89b9-0000f81fe221 CLSID_FreeThreadedDOMDocument26
f5078f1d-c551-11d3-89b9-0000f81fe221 CLSID_XMLSchemaCache26
f5078f1e-c551-11d3-89b9-0000f81fe221 CLSID_XMLHTTP26
f5078f21-c551-11d3-89b9-0000f81fe221 CLSID_XSLTemplate26
f5078f1f-c551-11d3-89b9-0000f81fe221 CLSID_DSOControl26
f5078f20-c551-11d3-89b9-0000f81fe221 CLSID_XMLParser26
f5078f28-c551-11d3-89b9-0000f81fe221 CLSID_Viewer26
f5078f29-c551-11d3-89b9-0000f81fe221 CLSID_BufferedMoniker26
f5078f26-c551-11d3-89b9-0000f81fe221 CLSID_XSLPatternFactory26

Back to the top

APPLIES TO
Windows Server 2008 Datacenter
Windows Server 2008 Enterprise
Windows Server 2008 Standard
Windows Web Server 2008
Windows Vista Service Pack 1, when used with:
  Windows Vista Business
  Windows Vista Enterprise
  Windows Vista Home Basic
  Windows Vista Home Premium
  Windows Vista Ultimate
  Windows Vista Starter
  Windows Vista Enterprise 64-bit Edition
  Windows Vista Home Basic 64-bit Edition
  Windows Vista Home Premium 64-bit Edition
  Windows Vista Ultimate 64-bit Edition
Microsoft Windows Server 2003 Service Pack 2, when used with:
  Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  Microsoft Windows Server 2003, Web Edition
  Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  Microsoft Windows Server 2003, Datacenter x64 Edition
  Microsoft Windows Server 2003, Enterprise x64 Edition
  Microsoft Windows Server 2003, Standard x64 Edition
  Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 Service Pack 1, when used with:
  Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  Microsoft Windows Server 2003, Web Edition
  Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
Microsoft Windows XP Service Pack 3, when used with:
  Microsoft Windows XP Home Edition
  Microsoft Windows XP Professional
Microsoft Windows XP Service Pack 2, when used with:
  Microsoft Windows XP Professional
  Microsoft Windows XP Home Edition
  Microsoft Windows 2000 Datacenter Server
  Microsoft Windows 2000 Advanced Server
  Microsoft Windows 2000 Server
  Microsoft Windows 2000 Professional Edition
Microsoft Office SharePoint Server 2007
Microsoft Office Basic 2007
Microsoft Office Home and Student 2007
Microsoft Office Professional 2007
Microsoft Office Professional Plus 2007
Microsoft Office Small Business 2007
Microsoft Office Standard 2007
Microsoft Office Ultimate 2007
Microsoft Office 2003 Service Pack 2, when used with:
  Microsoft Office Professional Edition 2003
  Microsoft Office Small Business Edition 2003
  Microsoft Office Students and Teachers Edition 2003
  Microsoft Office Standard Edition 2003
  Microsoft Office Basic Edition 2003
Microsoft Office Word Viewer 2003
Microsoft XML Core Services 6.0
Microsoft XML Core Services 4.0
Microsoft XML Parser 3.0

Back to the top

Keywords: 
kbbug kbfix kbsecvulnerability kbqfe kbsecurity kbsecbulletin kbpubtypekc atdownload kbexpertisebeginner KB936227

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.