CVE(CAN) ID: CVE-2013-0006
Microsoft Windows是微软公司推出的一系列操作系统。
Microsoft XML Core Services在解析XML内容时存在整数溢出错误,可被利用远程执行任意代码。
0
Microsoft Office 2007
Microsoft Office Office 2003 Professional Edi
Microsoft Office 2003 Student and Teacher Edi
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Small Business Edition
Microsoft XML Core Services 6.x
Microsoft XML Core Services 5.x
Microsoft XML Core Services 4.x
Microsoft XML Core Services 3.x
Microsoft SharePoint Server 2007
Microsoft Office Word Viewer
Microsoft Expression Web 2.x
Microsoft Expression Web 1.x
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
厂商补丁:
Microsoft已经为此发布了一个安全公告(ms13-002)以及相应补丁:
ms13-002:Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
链接:http://www.microsoft.com/technet/security/bulletin/ms13-002.mspx