=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2007/VULN353
_____________________________________________________________________

DATE                      : 16/08/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Tout Windows avec les Services XML Core

======================================================================
MS07-042 - Vulnerability in Microsoft XML Core Services Could Allow
Remote Code Execution (936227)

Original Bulletin:
  http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx

Affected Software:

   Microsoft XML Core Services 3.0, 4.0 and 6.0 components of:
     Windows 2000 Service Pack 4
     Windows XP Service Pack 2
     Windows Server 2003 Service Pack 1 and 2
     Windows Vista

   Microsoft XML Core Services 5.0 components of:
     Microsoft Office 2003 Service Pack 2
     2007 Microsoft Office System
     Microsoft Office SharePoint Server
     Microsoft Office Groove Server 2007


Vulnerability Details:

Microsoft XML Core Services Vulnerability - CVE-2007-2223

A remote code execution vulnerability exists in Microsoft XML Core
Services that could allow an attacker who successfully exploited this
vulnerability to make changes to the system with the permissions of the
logged-on user. If a user is logged on with administrative user rights,
an attacker could take complete control of the affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights. Users whose accounts are
configured to have fewer user rights on the system could  be less
impacted than users who operate with administrative user rights.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================