Article ID: 255947
Article Last Modified on 2/12/2007
APPLIES TO
- Microsoft XML Parser 2.5
- Microsoft Windows 2000 Standard Edition
This article was previously published under Q255947
SYMPTOMS
When you perform an HTTP redirect with XML, no security check is performed when the redirect references data at a location on a different domain.
This poses a potential security risk when data at the destination address must be protected.
RESOLUTION
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft Data Access Components service pack that contains this hotfix.
To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this fix should have the following file attributes or later:
Date Version Size File name
-------------------------------------------------
2/2/00 5.0.3014.200 522,000 bytes Msxml.dll
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
The fix is included with MSXML 2.5 Service Pack 1 and Windows 2000 Service Pack 1.
MORE INFORMATION
Additional query words: xml msxml http redirect other cross domain security
Keywords: kbhotfixserver kbqfe kbbug kbfix kbmsxmlnosweep kbqfe KB255947
