CVE-2008-4033

Summary

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

Impact & exploitability

AV:N/AC:M/Au:N/C:P/I:N/A:N

Affected products we track (1)

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: http://www.securityfocus.com/bid/32204 ↗

Additional information

• NVD record
• http://www.securityfocus.com/bid/32204Patch
• http://marc.info/?l=bugtraq&m=122703006921213&w=2
• http://securitytracker.com/id?1021164
• http://www.us-cert.gov/cas/techalerts/TA08-316A.htmlAdvisory
• http://www.vupen.com/english/advisories/2008/3111
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847