The XSLT component of the Microsoft XML Core Services contains a buffer overflow. An attacker may be able to use this vulnerability to execute arbitrary code on a vulnerable system.
Microsoft XML Core Services (MSXML) allow developers who use JScript, Visual Basic Scripting Edition (VBScript), and Microsoft Visual Studio 6.0 to create XML-based applications. Extensible Stylesheet Language Transformations (XSLT) is an XML language that can be used to manipulate and transform XML documents. Microsoft includes XSLT as a part of MSXML.
An unspecified buffer overflow exists in the Microsoft implementation of XSLT. This vulnerability may allow an attacker to execute arbitrary code with the privileges of the user who is running Internet Explorer.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user who opened Internet Explorer.
Thanks to Microsoft for supplying information about this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:||2006-10-12|
|Date Last Updated:||2006-10-31 20:34 UTC|