Cross-Domain Vulnerability in Microsoft XML Core Services Affects Multiple Products
CVE-2008-4033

Currently unrated

Key Information:

Vendor

Microsoft
Status
Xml Core Services
Vendor
CVE Published:
12 November 2008

What is CVE-2008-4033?

This vulnerability exists in Microsoft XML Core Services versions 3.0 through 6.0, as utilized across various Microsoft products including Expression Web, Office applications, and Internet Explorer. It allows remote attackers to leverage HTTP request header fields—specifically the Transfer-Encoding field—to gain unauthorized access to sensitive information from another domain and potentially manipulate the session state. This breach could expose users to further attacks by compromising the integrity of their sessions across different domains.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://marc.info/?l=bugtraq&m=122703006921213&w=2
vendor-advisoryx_refsource_HP
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA08-316A.html
third-party-advisoryx_refsource_CERT

EPSS Score

62% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.