Race Condition Vulnerability in Microsoft XML Core Services 3.0
CVE-2007-0099
Currently unrated
Key Information:
- Vendor
- Microsoft
- Vendor
- CVE Published:
- 8 January 2007
Summary
A race condition in the msxml3 module of Microsoft XML Core Services 3.0 can be exploited through Internet Explorer 6 and other applications. Attackers can leverage this vulnerability by sending specially crafted XML documents with numerous nested tags within an IFRAME, which disrupts synchronous document rendering with asynchronous events. This leads to NULL pointer dereferences or memory corruption, enabling remote code execution or inducing application crashes.
References
EPSS Score
55% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved