Windows: file reading via MSXML3 DTD
Synthesis of the vulnerability
An attacker can create a malicious DTD to read a file via MSXML3 on Windows, in order to obtain sensitive information.
Vulnerable products: Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista.
Severity of this weakness: 3/4.
Consequences of a hack: data reading.
Hacker's origin: internet server.
Creation date: 14/04/2015.
References of this bulletin: 3046482, CERTFR-2015-AVI-157, CVE-2015-1646, MS15-039, VIGILANCE-VUL-16602.
Description of the vulnerability
The Microsoft XML Core Services (MSXML) library is used by Microsoft applications which process XML data.
It loads DTDs for XML files. However, an attacker can invite the victim to open a malicious DTD, in order to access the victim's local files.
An attacker can therefore create a malicious DTD to read a file via MSXML3 on Windows, in order to obtain sensitive information.
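Because the issue depends on the library loading DTDs for XML files, a defender can flag XML input that declares a DTD or external entities before it reaches a DTD-loading parser. The following is an added example, not part of the bulletin or of any Microsoft code: it uses Python's standard-library expat parser, which does not fetch external DTDs or entities by default, and the function names and sample documents are constructed for illustration.

```python
from xml.parsers import expat


def dtd_findings(xml_bytes):
    """Return (kind, name, target) tuples describing DTD use in xml_bytes.

    Nothing external is fetched: expat only reports the declarations.
    """
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # A SYSTEM/PUBLIC identifier means the DTD lives outside the document.
        if system_id or public_id:
            findings.append(("external-dtd", name, system_id or public_id))
        elif has_internal_subset:
            findings.append(("internal-dtd", name, None))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Only entities that point outside the document are reported.
        if system_id or public_id:
            kind = "external-parameter-entity" if is_param else "external-entity"
            findings.append((kind, name, system_id or public_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        # Malformed input is reported rather than silently accepted.
        findings.append(("parse-error", None, str(exc)))
    return findings


def should_reject(xml_bytes):
    """Policy used here (an assumption): reject any DTD use or parse error."""
    return bool(dtd_findings(xml_bytes))


# Constructed sample inputs (not taken from the bulletin).
PLAIN = b"<r>plain</r>"
EXTERNAL_DTD = b'<!DOCTYPE r SYSTEM "http://example.invalid/constructed.dtd"><r/>'
EXTERNAL_ENTITY = (b'<!DOCTYPE r [<!ENTITY x SYSTEM '
                   b'"file:///C:/constructed/secret.txt">]><r>&x;</r>')

if __name__ == "__main__":
    for sample in (PLAIN, EXTERNAL_DTD, EXTERNAL_ENTITY):
        print(should_reject(sample), dtd_findings(sample))
```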