Content
(MS06-061) Microsoft XSLT Buffer Overrun Vulnerability (924191)
- Type
- Buffer Overflow
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website or e-mail with malicious content
- Rating
- Medium
- CVE reference
- CVE-2006-4686,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows XP SP0 - SP2,
- Windows 2003 SP0 - SP1,
- Windows 2000 SP4,
- Core Services 3.0,
- Core Services 3.0 SP3,
- Core Services 3.0 SP 4,
- Core Services 3.0 SP 5,
- Core Services 3.0 SP 7,
- Core Services 5.0 SP 1,
- Core Services 4.0,
- Summary
- A vulnerability exists in the Microsoft XSLT processing that may allow for arbitrary code execution. This may be exploited when visiting a malicious website or opening a specially-crafted email.
Tab Navigation
Description
Extensible Stylesheet Language Transformations is used in manipulation of XML data. A vulnerability exists in Microsoft's processing of XSLT that may allow for remote execution of arbitrary code. The flaw lies in processing of malicious XSLT. Code execution is at the rights level of the victim. Successful exploitation would involve coercing a victim to visit a malicious site or have the victim open an email that contains a malicious file.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft(924191): http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS06-061) Microsoft XSLT Buffer Overrun Vulnerability (924191)
- Signature identifier:
- 4675
- Release date:
- 10/10/2006
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Generic Buffer Overflow protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
VSE8.0i and MVS are proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will update DAT coverage for this vulnerability as new threats emerge.
- Signature:
- Buffer Overflow Protection
- Release date:
- 8/30/2004
- First released in:
- build 131
Additional Resources
Microsoft Security Bulletin: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx
All Information
Timeline -
10/10/2006
Vendor has provided a patch.
Description -
Extensible Stylesheet Language Transformations is used in manipulation of XML data. A vulnerability exists in Microsoft's processing of XSLT that may allow for remote execution of arbitrary code. The flaw lies in processing of malicious XSLT. Code execution is at the rights level of the victim. Successful exploitation would involve coercing a victim to visit a malicious site or have the victim open an email that contains a malicious file.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft(924191): http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS06-061) Microsoft XSLT Buffer Overrun Vulnerability (924191)
- Signature identifier:
- 4675
- Release date:
- 10/10/2006
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Generic Buffer Overflow protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
VSE8.0i and MVS are proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will update DAT coverage for this vulnerability as new threats emerge.
- Signature:
- Buffer Overflow Protection
- Release date:
- 8/30/2004
- First released in:
- build 131
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx
