• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability

Solution:
Microsoft has released an advisory along with fixes to address this issue. Please see the references for more information.


Microsoft XML Core Services 4.0

• Microsoft MSXML 4.0 Service Pack 2 (KB954430)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261 -4f69-83d0-932c430abd14

Microsoft XML Core Services 5.0

• Microsoft Security Update for 2007 Microsoft Office System (KB951550)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=27b06ee8-570a -4dc2-a230-c70d4a706245


• Microsoft Security Update for 2007 Microsoft Office System Servers (KB951597), 32-Bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=a208f2b5-2b0d -43bb-8f8a-58d4a3fc64f5


• Microsoft Security Update for 2007 Microsoft Office System Servers (KB951597), 64-Bit Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=0735f4af-e32b -4970-bed7-b2b9323cf54c


• Microsoft Security Update for Microsoft Office 2003 (KB951535)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7ad891a8-c3bb -4479-8282-13d629c410e3

Microsoft XML Core Services 3.0

• Microsoft Security Update for Windows 2000 (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=559cd4b6-24b7 -4e60-8749-37d9b833d3eb


• Microsoft Security Update for Windows Server 2003 (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=0a0f8385-e908 -4b5f-b9bf-80b7dabfcafd


• Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=3a65e1cd-eb4e -44b6-8868-a5a84be2cb32


• Microsoft Security Update for Windows Server 2003 x64 Edition (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=347c8c83-4269 -4a0e-af6f-4be2e824d22b


• Microsoft Security Update for Windows Server 2008 (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=90a04164-4d02 -4ce9-b3d8-bddb1ec27618


• Microsoft Security Update for Windows Server 2008 for Itanium-based Systems (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4e0d1efe-70ac -459b-b330-c0149b74f520


• Microsoft Security Update for Windows Server 2008 x64 Edition (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=b7bfe3f4-835f -402c-95b5-6d49b6935308


• Microsoft Security Update for Windows Vista (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=affbc957-1867 -4bbe-924d-6f0696ae0895


• Microsoft Security Update for Windows Vista for x64-based Systems (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=b01a5f31-8c57 -4c5c-909e-b37caf0439b0


• Microsoft Security Update for Windows XP (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=6ed1a087-97e2 -4283-9b53-b7b046654d08


• Microsoft Security Update for Windows XP x64 Edition (KB955069)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=1b79f220-ebfc -49c1-963b-58bbda21b6e7

Microsoft XML Core Services 6.0

• Microsoft Microsoft XML Core Services 6.0 and Service Pack 1 (KB954459)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7 -4ebe-828d-f28cb457e6e3


• Microsoft Security Update for Windows Server 2008 (KB954459)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=dea9f227-967f -47c7-bb2a-ed68f13645d9


• Microsoft Security Update for Windows Server 2008 for Itanium-based Systems (KB954459)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=d4ae74e2-1b09 -4a99-8cf5-8a8ca8ac6f7f


• Microsoft Security Update for Windows Server 2008 x64 Edition (KB954459)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=f16e2a5f-37fd -4ee1-aef0-597214323dc4


• Microsoft Security Update for Windows Vista (KB954459)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=cb6c4315-8c6d -43af-978b-b190b1a1577a


• Microsoft Security Update for Windows Vista for x64-based Systems (KB954459)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=39443046-2093 -4c87-ac7b-679deab96414


• Microsoft Security Update for Windows XP (KB954459)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7493fa37-2cbf -4d66-8690-d50d63da4096