Microsoft XML Core Services Multiple Vulnerabilities

Secunia ID	SA23655
CVE-ID	CVE-2007-0099, CVE-2008-4029, CVE-2008-4033
Fecha de publicación	09 ene 2007
Fecha de última modificación	30 abr 2009
Gravedad	Alta gravedad Vulnerabilidades normalmente explotadas a distancia que llegan a comprometer el sistema. Una vulneración con éxito no suele requerir ninguna interacción pero no existen vulneraciones conocidas en el momento de su manifestación. Estas vulnerabilidades pueden existir en servicios como FTP, HTTP y SMTP así como en programas cliente como lectores de correo o navegadores.
Estado de solución	Revisión del proveedor (Revisado)
Programa vulnerable	Microsoft Expression Web 1.x Microsoft Expression Web 2.x Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2007 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Microsoft Office Groove Server 2007 Microsoft Office SharePoint Server 2007 Microsoft Office Word Viewer 2003 Microsoft XML Core Services (MSXML) 3.x Microsoft XML Core Services (MSXML) 4.x Microsoft XML Core Services (MSXML) 5.x Microsoft XML Core Services (MSXML) 6.x
Dónde	Remoto o a distancia "A distancia" se refiere a otras vulnerabilidades en las que el vector de ataque no requiere el acceso al sistema o a una red local. En esta categoría se encuentran servicios cuya exposición es aceptable en Internet (HTTP, HTTPS, SMTP). También incluye aplicaciones cliente utilizadas en Internet así como ciertas vulnerabilidades en las que se assume que se podría engañar a un usuario razonablemente responsable para realizar determinadas acciones.
Impacto	DoS (Denial of Service) Estas vulnerabilidades van desde un consumo excesivo de recursos (el sistema acaba utilizando demasiada memoria) hasta el bloqueo de una aplicación o del equipo complete. Acceso al sistema Estas vulnerabilidades abarcan casos en los que individuos malintencionados consiguen penetrar en el sistema y ejecutar cualquier tipo de código con los privilegios de un usuario local. Cross-Site Scripting Las vulnerabilidades a técnicas XSS (Cross-Site Scripting) permiten a terceras partes manipular el contenido o el comportamiento de una aplicación Web dentro del navegador del usuario, sin atacar el propio sistema donde se ejecuta. Otras vulnerabilidades a técnicas XSS son también clasificadas dentro de esta categoría: "inserción de código" y ataques CSRF (cross-site request forgery, suplantación de consultas Web). Las vulnerabilidades a técnicas XSS son a menudo utilizadas contra determinados usuarios de un sitio Web para robarle sus credenciales o suplantar su identidad (spoofing).
Descripción de la vulnerabilidad	Una descripción más detallada de la vulnerabilidad está a su disposición en la versión inglesa del sitio.
Solución	Apply patches. -- Windows 2000 -- Windows 2000 SP4 and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=559cd4b6-24b7-4e60-8749-37d9b833d3eb Windows 2000 SP4 and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows 2000 SP4 and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3 -- Windows XP -- Windows XP SP2 and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=6ed1a087-97e2-4283-9b53-b7b046654d08 Windows XP SP3 and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=6ed1a087-97e2-4283-9b53-b7b046654d08 Windows XP SP2/SP3 and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows XP SP2 and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3 Windows XP SP3 and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=7493fa37-2cbf-4d66-8690-d50d63da4096 Windows XP Professional x64 Edition (optionally with SP2) and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=1b79f220-ebfc-49c1-963b-58bbda21b6e7 Windows XP Professional x64 Edition (optionally with SP2) and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows XP Professional x64 Edition (optionally with SP2) and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3 -- Windows Server 2003 -- Windows Server 2003 SP1/SP2 and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=0a0f8385-e908-4b5f-b9bf-80b7dabfcafd Windows Server 2003 SP1/SP2 and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows Server 2003 SP1/SP2 and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3 Windows Server 2003 x64 Edition (optionally with SP2) and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=347c8c83-4269-4a0e-af6f-4be2e824d22b Windows Server 2003 x64 Edition (optionally with SP2) and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows Server 2003 x64 Edition (optionally with SP2) and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3 Windows Server 2003 with SP1/SP2 for Itanium-based Systems and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=3a65e1cd-eb4e-44b6-8868-a5a84be2cb32 Windows Server 2003 with SP1/SP2 for Itanium-based Systems and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows Server 2003 with SP1/SP2 for Itanium-based Systems and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=59914795-60c7-4ebe-828d-f28cb457e6e3 -- Windows Vista -- Windows Vista and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=affbc957-1867-4bbe-924d-6f0696ae0895 Windows Vista SP1 and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=affbc957-1867-4bbe-924d-6f0696ae0895 Windows Vista (optionally with SP1/SP2) and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows Vista and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=cb6c4315-8c6d-43af-978b-b190b1a1577a Windows Vista SP1 and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=cb6c4315-8c6d-43af-978b-b190b1a1577a Windows Vista x64 Edition and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=b01a5f31-8c57-4c5c-909e-b37caf0439b0 Windows Vista x64 Edition SP1 and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=b01a5f31-8c57-4c5c-909e-b37caf0439b0 Windows Vista x64 Edition (optionally with SP1/SP2) and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows Vista x64 Edition and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=39443046-2093-4c87-ac7b-679deab96414 Windows Vista x64 Edition SP1 and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=39443046-2093-4c87-ac7b-679deab96414 -- Windows Server 2008 -- Windows Server 2008 for 32-bit Systems and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=90a04164-4d02-4ce9-b3d8-bddb1ec27618 Windows Server 2008 for 32-bit Systems (optionally with SP2) and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows Server 2008 for 32-bit Systems and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=dea9f227-967f-47c7-bb2a-ed68f13645d9 Windows Server 2008 for x64-based Systems and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=b7bfe3f4-835f-402c-95b5-6d49b6935308 Windows Server 2008 for x64-based Systems (optionally with SP2) and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows Server 2008 for x64-based Systems and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=f16e2a5f-37fd-4ee1-aef0-597214323dc4 Windows Server 2008 for Itanium-based Systems and Microsoft XML Core Services 3.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=4e0d1efe-70ac-459b-b330-c0149b74f520 Windows Server 2008 for Itanium-based Systems (optionally with SP2) and Microsoft XML Core Services 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 Windows Server 2008 for Itanium-based Systems and Microsoft XML Core Services 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=d4ae74e2-1b09-4a99-8cf5-8a8ca8ac6f7f -- Microsoft Office -- Office 2003 SP3 and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=7ad891a8-c3bb-4479-8282-13d629c410e3 Microsoft Word Viewer 2003 SP3 and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=7ad891a8-c3bb-4479-8282-13d629c410e3 2007 Microsoft Office System and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=27b06ee8-570a-4dc2-a230-c70d4a706245 2007 Microsoft Office System SP1 and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=27b06ee8-570a-4dc2-a230-c70d4a706245 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=27b06ee8-570a-4dc2-a230-c70d4a706245 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=27b06ee8-570a-4dc2-a230-c70d4a706245 Microsoft Expression Web and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=27b06ee8-570a-4dc2-a230-c70d4a706245 Microsoft Expression Web 2 and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=27b06ee8-570a-4dc2-a230-c70d4a706245 Office SharePoint Server 2007 (32-bit editions) and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=a208f2b5-2b0d-43bb-8f8a-58d4a3fc64f5 Office SharePoint Server 2007 SP1 (32-bit editions) and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=a208f2b5-2b0d-43bb-8f8a-58d4a3fc64f5 Office SharePoint Server 2007 (optionally with SP1) (64-bit editions) and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=0735f4af-e32b-4970-bed7-b2b9323cf54c Office Groove Server 2007 and Microsoft XML Core Services 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=0735f4af-e32b-4970-bed7-b2b9323cf54c