QwikSec

Security Database

CVE

CWE

Training

CVE-2007-0099

Published: Jan 8, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_HP

vdb-entry

x_refsource_OSVDB

20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)

mailing-list

x_refsource_FULLDISC

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_BID

http://isc.sans.org/diary.php?storyid=2004

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_HP

20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_MS

20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

oval:org.mitre.oval:def:5793

vdb-entry

signature

x_refsource_OVAL

20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)

mailing-list

x_refsource_BUGTRAQ

20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.