Vulnerabilities > CVE-2013-0006 - Numeric Errors vulnerability in Microsoft products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

CWE-189

nessus

NVD

Published: 2013-01-09

Updated: 2023-12-07

Summary

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft XML Core Services 3.0 Microsoft XML Core Services 4.0 Microsoft XML Core Services 6.0 Microsoft XML Core Services 5.0 Microsoft Expression WEB * Microsoft Expression WEB 2 Microsoft Groove Server 2007 Microsoft Office 2003 Microsoft Office 2007 Microsoft Office Compatibility Pack * Microsoft Sharepoint Server 2007 Microsoft Word Viewer *	16
OS	Microsoft Microsoft Windows 7 - Microsoft Windows 8 - Microsoft Windows Server 2003 * Microsoft Windows Server 2008 - Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 * Microsoft Windows Server 2012 - Microsoft Windows Vista * Microsoft Windows XP - Microsoft Windows XP * Microsoft Windows RT -	13

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Msbulletin

bulletin_id	MS13-002
bulletin_url
date	2013-01-08T00:00:00
impact	Remote Code Execution
knowledgebase_id	2756145
knowledgebase_url
severity	Critical
title	Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS13-002.NASL
description	The version of Microsoft XML Core Services installed on the remote Windows host is affected by multiple code execution vulnerabilities when visiting a specially crafted web page using Internet Explorer.
last seen	2020-06-01
modified	2020-06-02
plugin id	63420
published	2013-01-09
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63420
title	MS13-002: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(63420); script_version("1.11"); script_cvs_date("Date: 2018/11/15 20:50:31"); script_cve_id("CVE-2013-0006", "CVE-2013-0007"); script_bugtraq_id(57116, 57122); script_xref(name:"MSFT", value:"MS13-002"); script_xref(name:"MSKB", value:"2687497"); script_xref(name:"MSKB", value:"2687499"); script_xref(name:"MSKB", value:"2757638"); script_xref(name:"MSKB", value:"2758694"); script_xref(name:"MSKB", value:"2758696"); script_xref(name:"MSKB", value:"2760574"); script_xref(name:"IAVA", value:"2013-A-0004"); script_name(english:"MS13-002: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)"); script_summary(english:"Checks the versions of Msxml3.dll, Msxml4.dll, and Msxml6.dll"); script_set_attribute( attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through Microsoft XML Core Services." ); script_set_attribute( attribute:"description", value: "The version of Microsoft XML Core Services installed on the remote Windows host is affected by multiple code execution vulnerabilities when visiting a specially crafted web page using Internet Explorer." ); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-002"); script_set_attribute( attribute:"solution", value: "Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2, 8, 2012, Office 2003, 2007, Word Viewer, Office Compatibility Pack, Expression Web Service, Expression Web 2, SharePoint Server 2007 and Groove Server 2007." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:xml_core_services"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:expression_web"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:groove_server"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_compatibility_pack"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sharepoint_server"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word_viewer"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS13-002'; kbs = make_list( "2687497", "2687499", "2757638", "2758694", "2758696", "2760574" ); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (!is_accessible_share()) audit(AUDIT_SHARE_FAIL, 'is_accessible_share'); vuln = 0; arch = get_kb_item_or_exit("SMB/ARCH"); if (arch == "x86") commonfiles = hotfix_get_commonfilesdir(); else commonfiles = hotfix_get_commonfilesdirx86(); if (commonfiles) msxml5_dir = commonfiles + '\\Microsoft Shared\\Office11'; # XML Core Services 5 (this could be one of three KBs - KB2760574, KB2687497, KB2687499) if (msxml5_dir) vuln += hotfix_is_vulnerable(path:msxml5_dir, file:"Msxml5.dll", version:"5.20.1099.0", min_version:"5.0.0.0", bulletin:bulletin); # If a vulnerable version of XML Core Services 5 was detected, we should report on that # regardless of the OS version. if ((hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1', win8:'0') <= 0)) { if (!vuln) audit(AUDIT_OS_SP_NOT_VULN); } else { productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1); # Windows 8 / Server 2012 vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.16447", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.20551", min_version:"8.110.9200.20000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758694"); vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.9200.16447", min_version:"6.30.9200.16000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.9200.20551", min_version:"6.30.9200.20000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.16447", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.20551", min_version:"8.110.9200.20000", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.2", sp:0, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\System32", bulletin:bulletin, kb:"2758694"); vuln += hotfix_is_vulnerable(os:"6.2", sp:0, file:"Msxml6.dll", version:"6.30.9200.16447", min_version:"6.30.9200.16000", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.2", sp:0, file:"Msxml6.dll", version:"6.30.9200.20551", min_version:"6.30.9200.20000", dir:"\System32", bulletin:bulletin, kb:"2757638"); # Windows 7 / Server 2008 R2 vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.17157", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.21360", min_version:"8.110.7600.21000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.17988", min_version:"8.110.7601.17000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.22149", min_version:"8.110.7601.22000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758694"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.7600.17157", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.7600.21360", min_version:"6.30.7600.21000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml6.dll", version:"6.30.7601.17988", min_version:"6.30.7601.17000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml6.dll", version:"6.30.7601.22149", min_version:"6.30.7601.22000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.17157", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.21360", min_version:"8.110.7600.21000", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.17988", min_version:"8.110.7601.17000", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.22149", min_version:"8.110.7601.22000", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\System32", bulletin:bulletin, kb:"2758694"); vuln += hotfix_is_vulnerable(os:"6.1", sp:0, file:"Msxml6.dll", version:"6.30.7600.17157", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", sp:0, file:"Msxml6.dll", version:"6.30.7600.21360", min_version:"6.30.7600.21000", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", sp:1, file:"Msxml6.dll", version:"6.30.7601.17988", min_version:"6.30.7601.17000", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.1", sp:1, file:"Msxml6.dll", version:"6.30.7601.22149", min_version:"6.30.7601.22000", dir:"\System32", bulletin:bulletin, kb:"2757638"); # Vista / Windows Server 2008 vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64", sp:2, file:"Msxml3.dll", version:"8.100.5006.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64", sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758694"); vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64", sp:2, file:"Msxml6.dll", version:"6.20.5006.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64", sp:2, file:"Msxml3.dll", version:"8.100.5006.0", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"6.0", sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\System32", bulletin:bulletin, kb:"2758694"); vuln += hotfix_is_vulnerable(os:"6.0", sp:2, file:"Msxml6.dll", version:"6.20.5006.0", dir:"\System32", bulletin:bulletin, kb:"2757638"); # Windows 2003 and XP x64 vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml3.dll", version:"8.100.1053.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758694"); vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml6.dll", version:"6.20.2016.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758696"); vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml3.dll", version:"8.100.1053.0", dir:"\System32", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"5.2", sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\System32", bulletin:bulletin, kb:"2758694"); vuln += hotfix_is_vulnerable(os:"5.2", sp:2, file:"Msxml6.dll", version:"6.20.2016.0", dir:"\System32", bulletin:bulletin, kb:"2758696"); # Windows XP vuln += hotfix_is_vulnerable(os:"5.1", arch:"x64", sp:3, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758694"); vuln += hotfix_is_vulnerable(os:"5.1", arch:"x64", sp:3, file:"Msxml6.dll", version:"6.20.2502.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638"); vuln += hotfix_is_vulnerable(os:"5.1", sp:3, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\System32", bulletin:bulletin, kb:"2758694"); vuln += hotfix_is_vulnerable(os:"5.1", sp:3, file:"Msxml6.dll", version:"6.20.2502.0", dir:"\System32", bulletin:bulletin, kb:"2757638"); } if (vuln > 0) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2014-08-18T04:01:38.008-04:00

class

vulnerability

contributors

name SecPod Team
organization SecPod Technologies
name Pradeep R B
organization SecPod Technologies
name Pradeep R B
organization SecPod Technologies
name Saurabh Kumar
organization SecPod Technologies
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Microsoft Office 2003 SP3 is installed
oval oval:org.mitre.oval:def:15626
comment Microsoft Office 2007 SP2 is installed
oval oval:org.mitre.oval:def:15607
comment Microsoft Office 2007 SP3 is installed
oval oval:org.mitre.oval:def:15704
comment Microsoft Office SharePoint Server 2007 SP2 is installed
oval oval:org.mitre.oval:def:15502
comment Microsoft Office SharePoint Server 2007 SP3 is installed
oval oval:org.mitre.oval:def:15537
comment Microsoft Expression Web SP1 is installed
oval oval:org.mitre.oval:def:15420
comment Microsoft Expression Web 2 is installed
oval oval:org.mitre.oval:def:15694
comment Microsoft Office Compatibility Pack SP2 is installed
oval oval:org.mitre.oval:def:15640
comment Microsoft Office Compatibility Pack SP3 is installed
oval oval:org.mitre.oval:def:15035
comment Microsoft Word Viewer is installed
oval oval:org.mitre.oval:def:737
comment Microsoft Groove Server 2007 Service Pack 2 is installed
oval oval:org.mitre.oval:def:16135
comment Microsoft Groove Server 2007 Service Pack 3 is installed
oval oval:org.mitre.oval:def:16203
comment Microsoft XML Core Services 5 is installed
oval oval:org.mitre.oval:def:493
comment Microsoft Windows 8 (x64) is installed
oval oval:org.mitre.oval:def:15571
comment Microsoft Windows Server 2012 (64-bit) is installed
oval oval:org.mitre.oval:def:15585
comment Microsoft XML Core Services 3 is installed
oval oval:org.mitre.oval:def:415
comment Microsoft XML Core Services 6 is installed
oval oval:org.mitre.oval:def:454
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
oval oval:org.mitre.oval:def:5954
comment Microsoft XML Core Services 3 is installed
oval oval:org.mitre.oval:def:415
comment Microsoft XML Core Services 6 is installed
oval oval:org.mitre.oval:def:454
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
oval oval:org.mitre.oval:def:5954
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft XML Core Services 3 is installed
oval oval:org.mitre.oval:def:415
comment Microsoft XML Core Services 6 is installed
oval oval:org.mitre.oval:def:454
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Server 2008 (ia-64) is installed
oval oval:org.mitre.oval:def:5667
comment Microsoft XML Core Services 3 is installed
oval oval:org.mitre.oval:def:415
comment Microsoft XML Core Services 6 is installed
oval oval:org.mitre.oval:def:454
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Microsoft Windows Server 2003 (ia64) Gold is installed
oval oval:org.mitre.oval:def:396
comment Microsoft Windows Server 2003 (x64) is installed
oval oval:org.mitre.oval:def:730
comment Microsoft XML Core Services 3 is installed
oval oval:org.mitre.oval:def:415
comment Microsoft XML Core Services 6 is installed
oval oval:org.mitre.oval:def:454

description

family

windows

oval:org.mitre.oval:def:16429

status

accepted

submitted

2013-01-09T15:58:28

title

MSXML Integer Truncation Vulnerability - MS13-002

version

Seebug

bulletinFamily	exploit
description	CVE(CAN) ID: CVE-2013-0006 Microsoft Windows是微软公司推出的一系列操作系统。 Microsoft XML Core Services在解析XML内容时存在整数溢出错误，可被利用远程执行任意代码。 0 Microsoft Office 2007 Microsoft Office Office 2003 Professional Edi Microsoft Office 2003 Student and Teacher Edi Microsoft Office 2003 Standard Edition Microsoft Office 2003 Small Business Edition Microsoft XML Core Services 6.x Microsoft XML Core Services 5.x Microsoft XML Core Services 4.x Microsoft XML Core Services 3.x Microsoft SharePoint Server 2007 Microsoft Office Word Viewer Microsoft Expression Web 2.x Microsoft Expression Web 1.x 临时解决方法：如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁： * 限制访问msxml3.dll * 限制访问msxml6.dll * 将互联网和内联网安全区域设置为“高”，阻止ActiveX控制和活动脚本 * 将信任的站点添加到IE受信任站点区域 * 阻止在IE内运行MSXML 5.0 ActiveX控件厂商补丁： Microsoft --------- Microsoft已经为此发布了一个安全公告（ms13-002）以及相应补丁: ms13-002：Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145) 链接：http://www.microsoft.com/technet/security/bulletin/ms13-002.mspx 补丁下载：http://support.microsoft.com/ph/6527
id	SSV:60562
last seen	2017-11-19
modified	2013-01-09
published	2013-01-09
reporter	Root
title	Microsoft XML Core Services整数截断漏洞（MS13-002)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Msbulletin

Nessus

Oval

Seebug

References