Race Condition Vulnerability in Microsoft XML Core Services 3.0
CVE-2007-0099

Currently unrated

Key Information:

Vendor: Microsoft
Status: Xml Core Services; Internet Explorer
Vendor: CVE Published:; 8 January 2007

Summary

A race condition in the msxml3 module of Microsoft XML Core Services 3.0 can be exploited through Internet Explorer 6 and other applications. Attackers can leverage this vulnerability by sending specially crafted XML documents with numerous nested tags within an IFRAME, which disrupts synchronous document rendering with asynchronous events. This leads to NULL pointer dereferences or memory corruption, enabling remote code execution or inducing application crashes.

References

http://marc.info/?l=bugtraq&m=122703006921213&w=2

vendor-advisoryx_refsource_HP

http://osvdb.org/32627

vdb-entryx_refsource_OSVDB

http://seclists.org/fulldisclosure/2007/Jan/0110.html

mailing-listx_refsource_FULLDISC

EPSS Score

55% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 8, 2007
Vulnerability Reserved
Jan 8, 2007