CVE-2008-4033

Description

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

Related CPE's

amicrosoftxml_core_services4.0*******

omicrosoftwindows_xp*sp2******

omicrosoftwindows_server_2008r2*******

omicrosoftwindows_server_2008-*******

omicrosoftwindows_7*sp1******

omicrosoftwindows_2000*sp4******

omicrosoftwindows_xp*sp3******

omicrosoftwindows_7********

omicrosoftwindows_vista*sp1******

omicrosoftwindows_server_2008r2sp1******

References

1021164

32204

Patch

TA08-316A

Third Party AdvisoryUS Government Resource

ADV-2008-3111

SSRT080164

oval:org.mitre.oval:def:5847

MS08-069

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:P/I:N/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

4.300000190734863

Created by Yello
About Severity.io