MS13-002: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host through Microsoft XML
Core Services.

Description :

The version of Microsoft XML Core Services installed on the remote
Windows host is affected by multiple code execution vulnerabilities when
visiting a specially crafted web page using Internet Explorer.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms13-002

Solution :

Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, and 2008 R2, 8, 2012, Office 2003, 2007, Word Viewer, Office
Compatibility Pack, Expression Web Service, Expression Web 2, SharePoint
Server 2007 and Groove Server 2007.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 63420 ()

Bugtraq ID: 57116
57122

CVE ID: CVE-2013-0006
CVE-2013-0007