CVE-2008-4033

Currently unrated

Key Information:

Vendor: Microsoft
Status: Xml Core Services
Vendor: CVE Published:; 12 November 2008

Summary

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

References

http://marc.info/?l=bugtraq&m=122703006921213&w=2

vendor-advisoryx_refsource_HP

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA08-316A.html

third-party-advisoryx_refsource_CERT

EPSS Score

68% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 12, 2008
Vulnerability Reserved
Sep 10, 2008

Collectors

NVD DatabaseMitre Database