Microsoft KB Archive/328995

= INFO: List of Issues Fixed in MSXML 3.0 Service Pack 3 (Part 1) =

Article ID: 328995

Article Last Modified on 12/10/2003

-

APPLIES TO


 * Microsoft XML Parser 3.0 Service Pack 3

-



This article was previously published under Q328995



SUMMARY
This article is part 1 of 2 articles that document the bugs that are fixed in MSXML 3.0 Service Pack 3 (SP3).

The following bugs have been fixed in MSXML 3.0 SP3:
 * Internet Explorer Stops Responding When Opening a Corrupted XML Document
 * Error Occurs When You Load an XML Document in an IFRAME in Internet Explorer
 * ADO Objects in XSL Script Allows Cross Domain Access
 * Access Violation Occurs When You Call sp_xml_preparedocument with sp_xmlparse
 * Security Issue in MSXML Error Handling
 * ServerXMLHTTP Stops Responding when You Send POST Requests to a Remote HTTP Server



Internet Explorer Stops Responding When Opening a Corrupted XML Document
Internet Explorer stops responding when you try to open a corrupted or truncated XML document. The chances that this may occur are very low. This behavior occurs when the XML data that is accessed through a network socket is corrupted or truncated.

back to the top

Error Occurs When You Load an XML Document in an IFRAME in Internet Explorer
When you try to load an XML document in an IFRAME where the XML document has a reference to an XSL style sheet, you receive the following error message:

NOTE: This error only occurs when scripting ActiveX Object(s) in in-line script blocks in the XSLT style sheet.

Microsoft JScript runtime error Automation server cannot create object line = 4, col = 2 (line is offset from the start of the script block). Error returned from property or method call.

For example, the code in the in-line loadXML script function in the following style sheet causes this error: 

 function loadXML {       Dom = new ActiveXObject(&quot;Microsoft.XMLDOM&quot;); return &quot;Hello There&quot;; } 

 TestloadXML</HTML>

</xsl:template> </xsl:stylesheet> back to the top

ADO Objects in XSL Script Allows Cross Domain Access
Scripting ActiveX Data Objects (ADO) in in-line XSLT style sheet script functions allows cross domain access to databases. This was identified as a security hole because it implies that an XSLT style sheet developer can write ADO code in in-line script functions to access data sources across domains. You cannot do this in MSXML 3.0 SP3

back to the top

Access Violation Occurs When You Call sp_xml_preparedocument with sp_xmlparse
An access violation occurs when you call sp_xml_preparedocument with sp_xmlparse.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

314125 FIX: AV When You Call MSXML 2.6 Parser from a Stored Procedure

The fix that is described in this article is included in MSXML 3.0 SP3.

back to the top

Security Issue in MSXML Error Handling
Script code that is provided as a query string parameter when you use a URL to access an XML document is executed when the data in the document is malformed. For applications such as Outlook Web Access (OWA) that require authentication, the script executes in the context of the authenticated user. The script then obtains the credentials of the authenticated user in the server namespace. This problem has been fixed in MSXML 3.0 SP3.

back to the top

ServerXMLHTTP Stops Responding when You Send POST Requests to a Remote HTTP Server
ServerXMLHTTP stops responding when you send POST requests to a remote HTTP server when the server does not return the required &quot;Connection:Close&quot; or &quot;Connection:Keep-alive&quot; headers. When the configured or default timeout expires. the server returns an 80004005 error.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

305053 ServerXMLHTTP Stops Responding When You Send a POST Request

The fix that is specified in this article is included in MSXML 3.0 SP3

back to the top

<div class="references_section">