CVE-2008-4029
Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
Severity Score
4.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."
Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 y v4.0, como lo utilizado en Internet Explorer, permite a atacantes remotos obtener información sensible de otro dominio a través de documentos XML manipulados, relacionados con el inadecuado control de error para las DTD externas, también conocido como "Vulnerabilidad MSXML DTD Cross-Domain Scripting".
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-09-10 CVE Reserved
- 2008-11-12 CVE Published
- 2008-11-23 First Exploit
- 2024-08-07 CVE Updated
- 2025-06-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1021164 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-316A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/3111 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5999 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/7196 | 2008-11-23 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/32155 | 2023-12-07 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=122703006921213&w=2 | 2023-12-07 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 | 2023-12-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | sp4 Search vendor "Microsoft" for product "Windows 2000" and version "sp4" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp1, itanium |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | itanium |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | x32 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | sp1 Search vendor "Microsoft" for product "Windows Vista" and version "sp1" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | professional_x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, professional_x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | sp3 Search vendor "Microsoft" for product "Windows Xp" and version "sp3" | - |
Safe
|