Race Condition Vulnerability in Microsoft XML Core Services 3.0
CVE-2007-0099

Currently unrated

Key Information:

Vendor
Microsoft
Vendor
CVE Published:
8 January 2007

Summary

A race condition in the msxml3 module of Microsoft XML Core Services 3.0 can be exploited through Internet Explorer 6 and other applications. Attackers can leverage this vulnerability by sending specially crafted XML documents with numerous nested tags within an IFRAME, which disrupts synchronous document rendering with asynchronous events. This leads to NULL pointer dereferences or memory corruption, enabling remote code execution or inducing application crashes.

References

EPSS Score

55% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.