Back to search
CVE-2008-4033
Published: Nov 12, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SSRT080164
vendor-advisory
x_refsource_HP
oval:org.mitre.oval:def:5847
vdb-entry
signature
x_refsource_OVAL
TA08-316A
third-party-advisory
x_refsource_CERT
HPSBST02386
vendor-advisory
x_refsource_HP
ADV-2008-3111
vdb-entry
x_refsource_VUPEN
MS08-069
vendor-advisory
x_refsource_MS
1021164
vdb-entry
x_refsource_SECTRACK
32204
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now