Microsoft Windows CE MSXML Multiple Vulnerabilities
TITLE: Microsoft Windows CE MSXML Multiple Vulnerabilities
CLASS: Unknown
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 11 2007 12:00AM
UPDATE: Jun 12 2007 06:29PM
CREDIT: The vendor disclosed these issues.
VULNERABLE:
Microsoft Windows CE 5.0
NOT VULNERABLE:
Go to the original page on Security Focus
Discussion
Microsoft Windows CE is prone to multiple denial-of-service vulnerabilities and a cross-site scripting vulnerability.
An attacker can exploit these issues to cause infinite-loop conditions and denial-of-service conditions or to run arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit
Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, the attacker must entice a victim user to follow a malicious URI.
Solution
The vendor has released fixes to address these issues. Please see the references for more information.
References
- FIX: Update for several MSXML security issues in Windows CE .NET 4.2 (Microsoft)
- KB837392 - How to locate core operating system fixes for Microsoft Windows CE Pl (Microsoft)
- Microsoft Windows CE Homepage (Microsoft)
- The Elephant is Still Under the Carpet (err... I mean PDA) (Symantec)