A supported fix is now available from Microsoft. This fix will only enable the scenario where user credentials are passed as parameters in the Open() method call. This fix will not enable scenarios where the user credentials are embedded in the URL.
Note This fix is only for the following versions of the Microsoft XML Parser (MSXML):
Microsoft XML 2.6
Microsoft XML 3.0 Service Pack 2
Microsoft XML 3.0 Service Pack 3
Microsoft XML 3.0 Service Pack 4
Microsoft XML 4.0 Service Pack 2
For additional information about how to obtain the updated files and for additional details, click the following article number to view the article in the Microsoft Knowledge Base:
Microsoft has confirmed that the scenario where user credentials are passed as parameters in the Open() method call and are not embedded in the URL, is a problem in the Microsoft products that are listed in the "Applies to" section.
For additional information, see the following Microsoft Security Bulletin:
269238 INFO: Version List of the Microsoft XML Parser
278674 Determine the Version of MSXML Parser Installed on a Computer
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, places, or events is intended or should be inferred.