MS13-002 - Critical : Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Executi

Discussion in 'Security Alerts' started by News, Jan 10, 2013.

  1. News

    News Extraordinary Robot
    News Feed

    Joined:
    Jun 27, 2006
    Messages:
    26,205
    Likes Received:
    20
    Severity Rating: Critical
    Revision Note: V1.1 (January 8, 2013): Corrected download links for Microsoft XML Core Services 3.0 on Windows Server 2003 with SP2 for Itanium-based Systems and for Microsoft XML Core Services 6.0 when installed on Windows Server 2003 with SP2 for Itanium-based Systems. Added Server Core installation entries to Affected Software for Microsoft XML Core Services 4.0 when installed on Windows Server 2008 for 32-bit Systems Service Pack 2 and Microsoft XML Core Services 6.0 on Windows Server 2008 for 32-bit Systems Service Pack 2. These are informational changes only. Customers who have already successfully updated their systems do not need to take any action.
    Summary: This security update resolves two privately reported vulnerabilities in Microsoft XML Core Services. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website.

    More...
     

Share This Page

Loading...