This month Microsoft has released nine security bulletins. All ofthese vulnerabilities could let an attacker execute arbitrary code onan affected computer. All of the issues are also classified as“client-side vulnerabilities”, meaning that they require someinteraction on the part of the user for exploitation to occur. Thiswill usually entail visiting a malicious Web page or opening amalicious file that is sent through email or other means.
Microsoft’s summary of the bulletins can be found here.
MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
This bulletin consists of a code execution vulnerability(CVE-2007-2223/BID 25301) affecting Microsoft XML Core Services.Attackers could exploit this issue through a malicious Web page.
Affects: Microsoft XML Core Services 3.0/4.0/6.0 on Windows2000/XP/...
