Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
No history.
Information
Published : 2008-11-12 23:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-4033
Mitre link : CVE-2008-4033
CVE.ORG link : CVE-2008-4033
JSON object : View
Products Affected
microsoft
- sharepoint_server
- xml_core_services
- expression_web
- office
- windows_server_2008
- windows_2003_server
- windows_7
- windows_xp
- windows_vista
- groove
- office_compatibility_pack
- office_word_viewer
- windows_2000
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor