| VID |
26529 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS10-051, 2079403) for 'Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution' has not been applied.
This security update resolves a privately reported vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/Bulletin/MS10-051.mspx
* Platforms Affected:
Windows XP SP3
Windows Server 2003 SP2
Windows Vista SP1 and SP2
Windows Server 2008 and SP2
Windows 7 |
| Recommendation |
Apply the appropriate patch (2079403) for your system, as listed in Microsoft Security Bulletin MS10-051 at http://www.microsoft.com/technet/security/bulletin/ms10-051.mspx |
| Related URL |
CVE-2010-2561 (CVE) |
| Related URL |
42300 (SecurityFocus) |
| Related URL |
(ISS) |
|
