Home » Story links » Param's story links

Zero Day Vulnerability in Microsoft XML Core Services

Link: http://www.microsoft.com/technet/security/advisory/927892.ms...
Points: 1788 views User: Param Comments: 3 Comments Tag:

Microsoft is investigating public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Customers would need to visit an attacker’s Web site to be at risk. We will continue to investigate these public reports.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs.


Email: Email this Story to a Friend

Secunia Advisory on Advisory #927892

Submitted by Amiable on Mon, 2006-11-06 16:24.

Source : Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability

A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a users system. The vulnerability is caused due to an unspecified error in the XMLHTTP 4.0 ActiveX Control. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website using Internet Explorer.

The vulnerability is already being actively exploited.

Microsoft has recommended various workarounds including setting the kill-bit for the affected ActiveX control (see the vendor's advisory for details).

»

KillBit Settings for XMLHTTP 4.0 ActiveX control

Submitted by Param on Mon, 2006-11-06 16:26.

Disable the XMLHTTP 4.0 object in Internet Explorer

* The XMLHTTP 4.0 ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
{88d969c5-f192-11d4-a65f-0040963251e5}

More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88d969c5-f192-11d4-a65f-0040963251e5}]
"Compatibility Flags"=dword:00000400

»

Exploit Code for XMLHTTP ActiveX Control

Submitted by Param on Fri, 2006-11-10 19:13.

Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability Exploit code from Milworm

»

Post new comment

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <h1> <quote> <img>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.