Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 00:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=122703006921213&w=2 - | |
References | () http://securitytracker.com/id?1021164 - | |
References | () http://www.securityfocus.com/bid/32204 - Patch | |
References | () http://www.us-cert.gov/cas/techalerts/TA08-316A.html - Third Party Advisory, US Government Resource | |
References | () http://www.vupen.com/english/advisories/2008/3111 - | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847 - |
Information
Published : 2008-11-12 23:30
Updated : 2024-11-21 00:50
NVD link : CVE-2008-4033
Mitre link : CVE-2008-4033
CVE.ORG link : CVE-2008-4033
JSON object : View
Products Affected
microsoft
- windows_vista
- office_compatibility_pack
- groove
- sharepoint_server
- windows_7
- windows_xp
- windows_2000
- xml_core_services
- expression_web
- windows_2003_server
- office_word_viewer
- windows_server_2008
- office
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor