The attacker would not be able to add, change, or delete files. In addition, the attacker would not be able to use e-mail to carry out this attack; the vulnerability can only be exploited by way of a Web site. Customers who exercise caution when browsing and avoid visiting unknown or untrustworthy sites are at less risk from this vulnerability.
To resolve this problem immediately, download the hotfix by following the instructions later in this article or contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site: Note In special cases, charges that are ordinarily incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question. The following file is available for download from the Microsoft Download Center:
Release Date: February 21, 2002
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
The English version of this fix should have the following file attributes or later:
Note To install the patch silently and without a restart, use the following switches: /q:a /c:"dahotfix /q /n"
Date Version Size File name Platform
08-Jan-2002 8.2.8307.0 689,424 Msxml2.dll x86
- Microsoft Windows XP
- Microsoft Internet Explorer 6.0
- Microsoft SQL Server 2000
For more information on this vulnerability, see the following Microsoft Web site:
Unattended installation of hotfix both displaying "extracting hotfix dialog" and displaying a final reboot dialog:
Unattended completely silent installation of hotfix but displaying a final reboot dialog:
Q318202_MSXML20_x86.exe /q /c:"dahotfix.exe /q"
Unattended completely silent installation of hotfix with final reboot dialog suppressed:
Q318202_MSXML20_x86.exe /q:a /c:"dahotfix.exe /q"
Q318202_MSXML20_x86.exe /q:a /c:"dahotfix.exe /q /n"
Article ID: 318202 - Last Review: Jun 22, 2014 - Revision: 1