| Patch Name : |
msxml6-KB925673-enu-x86.exe |
| Patch Description : |
Vulnerabilities in Microsoft XML Core Services 6.0 RTM Could Allow Remote Code Execution (925673) |
| Bulletin Id : |
MS06-061 |
| Bulletin Title : |
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191) |
| KnowledgeBase : | 925673 |
| Severity : |
Critical |
| Location Path : | msxml6-KB925673-enu-x86.exe |
| Bulletin Summary: |
A vulnerability exists in Microsoft XML Core Services that could allow for information disclosure because the XMLHTTP ActiveX control incorrectly interprets an HTTP server-side redirect. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially lead to information disclosure if a user visited that page or clicked a link in a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could access content from another domain retrieved using the credentials of the user browsing the Web at the client. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. However, user interaction is required to exploit this vulnerability.
|
| Superceding Bulletin Id : |
MS06-071 |
| Patch Release Date : |
Oct 10, 2006 |
| CVE Id : | CVE-2006-4686 |
| Affected Product Information |
|
| Product Name |
Service Pack Name |
| MSXML 6.0 | MSXML 6.0 Gold |
|
| File changes |
|
| File Path |
Version |
| %windir%\system32\Msxml6.dll | 6.0.3888.0 |
| %windir%\system32\Msxml6r.dll | 6.0.3883.0 |
|
| Registry changes |
|
| Registry Path |
Key Name |
Key Value |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSXML 6.0 Parser and SDK\CurrentVersion | | -2 |
|
