OVAL Repository - View Definition: oval:org.mitre.oval:def:221

OVAL Repository > View Definition

View Definition

NEW SEARCH : BACK

Definition Id: oval:org.mitre.oval:def:221		Version: 2 Last Modified: 2008-11-19
Title:	Microsoft XML Core Services Vulnerability
Description:	The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
Family:	windows	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2006-4685
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	Microsoft XML Core Services
Definition Synopsis:
Microsoft XML Core Services 3 is installed AND The version of Msxml3.dll is less than 8.70.1113.0. OR Microsoft XML Core Services 4 is installed AND The version of Msxml4.dll is less than 4.20.9839.0. OR Microsoft XML Core Services 5 is installed AND The version of Msxml5.dll is less than 5.10.2930.0. OR Microsoft XML Core Services 6 is installed AND The version of Msxml6.dll is less than 6.0.3888.0.

NEW SEARCH : BACK

OVAL Repository

About the Repository

OVAL Repository Forum

Author’s Resources

Items of Interest