MS07-042: Vulnerability in Microsoft XML Core Services could allow remote code execution

Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.

INTRODUCTION

Microsoft has released security bulletin MS07-042. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

More Information

Service pack information

The problem that is addressed by this security update is now corrected in Microsoft Office 2003 Service Pack 3 (SP3).


For more information about how to obtain the latest service pack for Microsoft Office 2003, click the following article number to view the article in the Microsoft Knowledge Base:
870924 How to obtain the latest service pack for Office 2003

Known issue with this security update

941833 An update is available that improves the compatibility and the reliability of Microsoft XML Core Services 4.0 Service Pack 2 on a Windows Vista-based computer

Additional packages for this security update

The security update packages for this release use the update that is associated with this Microsoft Knowledge Base article (936227) and the updates that are associated with the following Knowledge Base article numbers:
933579 MS07-042: Description of the security update for Microsoft XML Core Services 6.0: August 14, 2007

936021 MS07-042: Description of the security update for Microsoft XML Core Services 3.0: August 14, 2007

936181 MS07-042: Description of the security update for Microsoft XML Core Services 4.0: August 14, 2007

936048 MS07-042: Description of the security update for Office 2003: August 14, 2007

936960 MS07-042: Description of the security update for the 2007 Microsoft Office system: August 14, 2007

936056 MS07-042: Description of the security update for 2007 Microsoft Office system servers: August 14, 2007

The 936227 security update packages for this release set the "kill bit" on supported Microsoft Windows 2000 systems for the MSXML 2.6 CLSIDs that are listed in the following table.
GUID Symbolic name
f5078f22-c551-11d3-89b9-0000f81fe221 CLSID_XMLDocument26
f5078f1b-c551-11d3-89b9-0000f81fe221 CLSID_DOMDocument26
f5078f1c-c551-11d3-89b9-0000f81fe221 CLSID_FreeThreadedDOMDocument26
f5078f1d-c551-11d3-89b9-0000f81fe221 CLSID_XMLSchemaCache26
f5078f1e-c551-11d3-89b9-0000f81fe221 CLSID_XMLHTTP26
f5078f21-c551-11d3-89b9-0000f81fe221 CLSID_XSLTemplate26
f5078f1f-c551-11d3-89b9-0000f81fe221 CLSID_DSOControl26
f5078f20-c551-11d3-89b9-0000f81fe221 CLSID_XMLParser26
f5078f28-c551-11d3-89b9-0000f81fe221 CLSID_Viewer26
f5078f29-c551-11d3-89b9-0000f81fe221 CLSID_BufferedMoniker26
f5078f26-c551-11d3-89b9-0000f81fe221 CLSID_XSLPatternFactory26
Egenskaper

Artikkel-ID: 936227 – Forrige gjennomgang: 30. sep. 2011 – Revisjon: 1

Tilbakemelding