Microsoft XML Core Services Race Condition Memory Corruption Vulnerability

BID:21872

Info

Bugtraq ID: 21872
Class: Race Condition Error
CVE: CVE-2007-0099
Remote: Yes
Local: No
Published: Jan 04 2007 12:00AM
Updated: Nov 18 2008 05:04PM
Credit: Michal Zalewski discovered this vulnerability.
Vulnerable: Nortel Networks Self-Service WVADS 0
Nortel Networks Self-Service VoiceXML 0
Nortel Networks Self-Service Speech Server 0
Nortel Networks Self-Service Peri Workstation 0
Nortel Networks Self-Service Peri Application 0
Nortel Networks Self-Service MPS 500 0
Nortel Networks Self-Service MPS 1000 0
Nortel Networks Self-Service MPS 100 0
Nortel Networks Self-Service Media Processing Server 0
Nortel Networks Self-Service CCXML 0
Nortel Networks Self-Service - CCSS7 0
Nortel Networks Contact Center NCC 0
Nortel Networks Contact Center Manager Server 0
Nortel Networks Contact Center Manager
Nortel Networks Contact Center Express
Nortel Networks Contact Center - TAPI Server 0
Nortel Networks Contact Center - Symposium Agent 0
Nortel Networks CallPilot 703t
Nortel Networks CallPilot 600r
Nortel Networks CallPilot 201i
Nortel Networks CallPilot 1005r
Microsoft XML Core Services 3.0
HP Storage Management Appliance 2.1
+ HP Storage Management Appliance III
+ HP Storage Management Appliance II
+ HP Storage Management Appliance I
Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server MM 1.1
Avaya Messaging Application Server 0
Not Vulnerable:

Discussion

Microsoft XML Core Services (MSXML) is prone to a remote memory-corruption vulnerability because of a race condition that may cause a NULL-pointer dereference, read or write operations to invalid addresses, or other memory-corruption issues.

Attackers may exploit this issue to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts will likely crash the application.

NOTE: SANS has provided new information that lowers the impact of this vulnerability. Please see the reference section for details.

Exploit / POC

The following proof of concept is sufficient to demonstrate this issue by crashing the application:

http://lcamtuf.coredump.cx/iediex/iediex.html

Solution / Fix

Solution:
The vendor has released an advisory and updates to address this issue. Please see the references for more information.


Microsoft XML Core Services 3.0

References
