Technical Information

Brief overview of the risk:
A same-origin policy security feature bypass vulnerability exists in Microsoft XML Core Services (MSXML) whereby cross-domain data access could be possible in a document type declaration (DTD) scenario.

Detailed Information on the risk:

In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted link to the user and by convincing the user to click the link. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to open a specially crafted link; an attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.

Further information on this exploit is available at : MS15-039

Windows Server 2003 Service Pack 2 
Windows Server 2003 x64 Edition Service Pack 2 
Windows Server 2003 with SP2 for Itanium-based Systems 
Windows Vista Service Pack 2 
Windows Vista x64 Edition Service Pack 2 
Windows Server 2008 for 32-bit Systems Service Pack 2 
Windows Server 2008 for x64-based Systems Service Pack 2 
Windows Server 2008 for Itanium-based Systems Service Pack 2 
Windows 7 for 32-bit Systems Service Pack 1 
Windows 7 for x64-based Systems Service Pack 1 
Windows Server 2008 R2 for x64-based Systems Service Pack 1 
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation) 
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)