CVE-2008-4033
Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expression Web, Office, Internet Explorer y otros productos; permite a atacantes remotos obtener información sensible de otro dominio y corromper el estado de la sesión a través de solicitudes de campos de cabecera HTTP, como se ha demostrado con el campo Transfer-Encoding. También se conoce como "Vulnerabilidad de la solicitud de la cabecera MSXML".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-09-10 CVE Reserved
- 2008-11-12 CVE Published
- 2008-11-23 First Exploit
- 2024-08-07 CVE Updated
- 2024-09-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1021164 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-316A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/3111 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/7196 | 2008-11-23 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/32204 | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=122703006921213&w=2 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 3.0 Search vendor "Microsoft" for product "Xml Core Services" and version "3.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 3.0 Search vendor "Microsoft" for product "Xml Core Services" and version "3.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 3.0 Search vendor "Microsoft" for product "Xml Core Services" and version "3.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 3.0 Search vendor "Microsoft" for product "Xml Core Services" and version "3.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 3.0 Search vendor "Microsoft" for product "Xml Core Services" and version "3.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 3.0 Search vendor "Microsoft" for product "Xml Core Services" and version "3.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 3.0 Search vendor "Microsoft" for product "Xml Core Services" and version "3.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 6.0 Search vendor "Microsoft" for product "Xml Core Services" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 6.0 Search vendor "Microsoft" for product "Xml Core Services" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 6.0 Search vendor "Microsoft" for product "Xml Core Services" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 6.0 Search vendor "Microsoft" for product "Xml Core Services" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 6.0 Search vendor "Microsoft" for product "Xml Core Services" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 6.0 Search vendor "Microsoft" for product "Xml Core Services" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 6.0 Search vendor "Microsoft" for product "Xml Core Services" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Expression Web Search vendor "Microsoft" for product "Expression Web" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Expression Web Search vendor "Microsoft" for product "Expression Web" | 2 Search vendor "Microsoft" for product "Expression Web" and version "2" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Groove Search vendor "Microsoft" for product "Groove" | 2007 Search vendor "Microsoft" for product "Groove" and version "2007" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp3 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Office Compatibility Pack Search vendor "Microsoft" for product "Office Compatibility Pack" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Office Compatibility Pack Search vendor "Microsoft" for product "Office Compatibility Pack" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Office Word Viewer Search vendor "Microsoft" for product "Office Word Viewer" | 2003 Search vendor "Microsoft" for product "Office Word Viewer" and version "2003" | sp3 |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2007 Search vendor "Microsoft" for product "Sharepoint Server" and version "2007" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 5.0 Search vendor "Microsoft" for product "Xml Core Services" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2007 Search vendor "Microsoft" for product "Sharepoint Server" and version "2007" | sp1 |
Safe
|