To exploit the vulnerability, an attacker would need to send digitally signed XML data with a crafted DTD to a targeted system. To achieve this objective, the attacker may require access to trusted, internal networks in which the targeted system may reside, which could limit the likelihood of a successful exploit.
Microsoft has corrected this vulnerability by modifying the way the affected software validates XML digital signatures.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the October 2013 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for October 2013