Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability
15 Aug. 2007
XML Core Services (also known as MSXML) is "a library for processing XML files. It works with, and was originally part of, Internet Explorer". Remote exploitation of a buffer overflow vulnerability within Microsoft Corp.'s XML Core Services may allow an attacker to execute arbitrary code in the context of the current user.
* Internet Explorer 6.x on Windows XP SP2
The vulnerability exists because the length argument passed to the substringData() method of an XMLDOM object is checked incorrectly. When certain length values are supplied, a large region of memory is copied into a buffer of insufficient size.
Exploitation of this vulnerability requires an attacker to convince a user to open a page containing a malicious script.
In testing by iDefense Labs, code execution was determined to be possible. Calling the vulnerable code with no other setup would simply cause the application to write (or sometimes read) past the end of the allocated memory and trigger an access violation exception. However, an attacker can cause pointers in use by another thread to be overwritten and may be able to execute code.
If Active Scripting is not necessary for daily operations, disable it using the following steps.
1. In IE, click on Tools and select Internet Options from the drop-down menu.
2. Click the Security tab and the Custom Level button.
3. Under Scripting, then Active Scripting, click the Disable radio button.
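The same Internet zone setting can be audited and applied from PowerShell; this is an added example, not part of the advisory. It assumes Microsoft's documented per-user IE zone registry location, where value 1400 in the Internet zone (zone 3) holds the Active Scripting setting (0 = Enable, 1 = Prompt, 3 = Disable).

```powershell
# Added example (not from the advisory): scripted equivalent of the Internet
# Options steps above, for the Internet zone (zone 3). Registry path and value
# name 1400 are Microsoft's documented IE zone settings. Run with -Apply to change.
param([switch]$Apply)

$ZonePath  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ValueName = '1400'
$Labels    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveScriptingState {
    # Returns the raw DWORD, or $null when the value is absent (IE then uses the zone default)
    $item = Get-ItemProperty -Path $ZonePath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Disable-ActiveScripting {
    # Equivalent to choosing "Disable" under Scripting > Active Scripting in Custom Level
    if (-not (Test-Path $ZonePath)) { New-Item -Path $ZonePath -Force | Out-Null }
    Set-ItemProperty -Path $ZonePath -Name $ValueName -Value 3 -Type DWord
}

$before = Get-ActiveScriptingState
$label  = if ($null -eq $before) { 'not set (zone default)' } else { $Labels[$before] }
Write-Host "Internet zone Active Scripting before: $label"

if ($Apply) {
    Disable-ActiveScripting
    $after = Get-ActiveScriptingState
    if ($after -ne 3) { throw "Failed to disable Active Scripting (value is $after)" }
    Write-Host "Internet zone Active Scripting after: $($Labels[$after])"
}
```

When the Group Policy "Security Zones: Use only machine settings" is in effect, the per-user value is ignored and the HKLM counterpart of the same key governs the zone.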