MSXML4sp2 broken?

From: andrew kagan (aklist_at_ENIGMEDIA.COM)
Date: 06/01/03

  • Next message: :: Operash ::: "[Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007"
    Date:         Sun, 1 Jun 2003 11:41:38 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Hi Russ:

    If you check microsoft.public.xml and search for "access denied" you will
    see a number of users have experienced the same problem I'm writing about,
    starting soon after MSoft first released MSXML4 sp2 a few weeks ago.

    The problem is:

    After upgrading to MSXML parser 4.0 sp2 on Win2k sp3+, there's a permissions
    error generated when the MSXML4 dll is called in a POST operation on a
    webpage.

    Error Type:
    msxml4.dll (0x80070005)
    Access is denied.

    when calling:

    xmlServerHttp.open "POST", upsServer, false // POST is the problem
    xmlServerhttp.setRequestHeader "Content-Type",
    "application/x-www-form-urlencoded"
    xmlServerHttp.send data // generates the error

    I don't know if MSoft is aware of the problem or not but it's infuriating
    because there's no way to roll-back to a recent version since MSoft only has
    the latest sp2 on it's site. You _can_ remove XML 4 and reinstall to XML3
    sp2.

    Sorry I'm not much of a programmer or I'd try to give you more info!

    Andrew Kagan
    Engimedia, Inc.

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service

    TruSecure's new IntelliShield(tm) web-based threat and vulnerability
    service isn't your typical alert service. Supported by TruSecure's vast
    intelligence resources - including the ICSA Labs - IntelliShield's early
    warning, analysis, decision support, and threat management tools provide
    organizations with unmatched intelligence to better protect critical
    information assets. Experience it for yourself - just click below to begin
    your FREE, NO OBLIGATION 14-day trial today!

    http://www.trusecure.com/offer/s0074/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: :: Operash ::: "[Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007"

    Relevant Pages

    • Revised: Microsoft Security Bulletin - MS03-013
      ... FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service ... intelligence resources - including the ICSA Labs - IntelliShield's early ... warning, analysis, decision support, and threat management tools provide ...
      (NT-Bugtraq)
    • Re: Alert: Microsoft Security Bulletin - MS03-018
      ... FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service ... intelligence resources - including the ICSA Labs - IntelliShield's early ... warning, analysis, decision support, and threat management tools provide ...
      (NT-Bugtraq)
    • Alert: New Code Red F worming its way through the net
      ... Code Red, called Code.Red.F, worming its way through hosts from Finland, ... FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service ... intelligence resources - including the ICSA Labs - IntelliShield's early ... warning, analysis, decision support, and threat management tools provide ...
      (NT-Bugtraq)
    • Re: 811493 again and again - fixed?
      ... Free 14-day trial of New Threat & Vulnerability Notification Service ... intelligence resources - including the ICSA Labs - IntelliShield's early ... warning, analysis, decision support, and threat management tools provide ...
      (NT-Bugtraq)
    • Administrivia #30578 - NTBugtraq/MS Bulletin Service update
      ... FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service ... intelligence resources - including the ICSA Labs - IntelliShield's early ... warning, analysis, decision support, and threat management tools provide ...
      (NT-Bugtraq)