CVSS: 4.3EPSS: 58%CPEs: 41EXPL: 1CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
12 Nov 2008 — Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expre... • https://www.exploit-db.com/exploits/7196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 70%CPEs: 26EXPL: 1CVE-2007-2223 – Microsoft Internet Explorer substringData Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2223
14 Aug 2007 — Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. Microsoft XML Core Services (MSXML) versión 3.0 hasta 6.0 permite a los atacantes remotos ejecutar código arbitrario por medio del método substringData en un objeto (1) TextNode o (2) XMLDOM, lo que provoca un desbordamiento de enteros que conduce a un desbordamiento de búfe... • https://www.exploit-db.com/exploits/30493 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •