CVE-2007-0099

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-01-08 20:28

Updated : 2024-02-28 11:01


NVD link : CVE-2007-0099

Mitre link : CVE-2007-0099

CVE.ORG link : CVE-2007-0099


JSON object : View

Products Affected

microsoft

  • internet_explorer
  • xml_core_services
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')