=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN518
_____________________________________________________________________

DATE                      : 11/10/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft XML Parser,
                                             Microsoft Office 2003.

======================================================================
http://www.microsoft.com/technet/security/Bulletin/ms06-061.mspx


MS06-061 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote
            Code Execution (924191)

Affected software:

   - Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
     (all versions) on Windows 2000 Service Pack 4
   - Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
     (all versions) on Microsoft Windows XP Service Pack 1
   - Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
     (all versions) on Microsoft Windows XP Service Pack 2
   - Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
     (all versions) on Microsoft Windows XP Professional x64 Edition
   - Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
     (all versions) on Microsoft Windows Server 2003
   - Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
     (all versions) on Microsoft Windows Server 2003 Service Pack 1
   - Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
     (all versions) on Microsoft Windows Server 2003 for Itanium-based Systems
     and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
   - Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0
     (all versions) on Microsoft Windows Server 2003 x64 Edition
   - Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML
     Core Services 5.0 Service Pack 1

Affected components:

   - Microsoft XML Core Services 4.0 when installed on Windows 2000 Service Pack
     4
   - Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP
     Service Pack 1 and Microsoft Windows XP Service Pack 2
   - Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server
     2003 and Microsoft Windows Server 2003 Service Pack 1
   - Microsoft XML Core Services 6.0 when installed on Windows 2000 Service
     Pack 4
   - Microsoft XML Core Services 6.0 when installed on Microsoft Windows XP
     Service Pack 1 and Microsoft Windows XP Service Pack 2
   - Microsoft XML Core Services 6.0 when installed on Microsoft Windows Server
     2003 and Microsoft Windows Server 2003 Service Pack 1

Non-affected components:

   - Windows 2000 Service Pack 4 running Microsoft XML Core Services 2.5
   - Microsoft Windows XP Service Pack 1 running Microsoft XML Core Services 2.5
   - Microsoft Windows XP Service Pack 2 running Microsoft XML Core Services 2.5
   - Microsoft Windows Server 2003 running Microsoft XML Core Services 2.5
   - Microsoft Windows Server 2003 Service Pack 1 running Microsoft XML Core
     Services 2.5

- From Microsoft Security Bulletin MS06-061:

   Vulnerability details:
   	
   Microsoft XML Core Services Vulnerability - CVE-2006-4685:

   A vulnerability exists in Microsoft XML Core Services that could allow for
   information disclosure because the XMLHTTP ActiveX control incorrectly
   interprets an HTTP server-side redirect. An attacker could exploit the
   vulnerability by constructing a specially crafted Web page that could
   potentially lead to information disclosure if a user visited that page or
   clicked a link in a specially crafted e-mail message. An attacker who
   successfully exploited this vulnerability could access content from another
   domain retrieved using the credentials of the user browsing the Web at the
   client. In addition, compromised Web sites and Web sites that accept or host
   user-provided content or advertisements could contain specially crafted
   content that could exploit this vulnerability. However, user interaction is
   required to exploit this vulnerability.

   XSLT Buffer Overrun Vulnerability - CVE-2006-4686:

   A vulnerability exists in XSLT processing that could allow remote code
   execution on an affected system. An attacker could exploit the vulnerability
   by constructing a malicious Web page that could potentially allow remote code
   execution if a user visited that page. An attacker who successfully exploited
   this vulnerability could take complete control of an affected system.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================