5 matches found
Design/Logic Flaw
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via...
Microsoft XML Core Services传输编码跨域信息泄露漏洞(MS08-069)
BUGTRAQ ID: 32204 CVECAN ID: CVE-2008-4033 Microsoft XML Core Services(MSXML)允许使用JScript、VBScript和Visual Studio 6.0的用户开发基于XML的应用,以与其他遵循XML 1.0标准的应用程序交互操作。 Microsoft XML Core Services处理传输编码头的方式中存在一个信息泄露漏洞。如果用户浏览包含特制内容的网站或打开特制HTML电子邮件,此漏洞可能允许读取另一个Internet Explorer域中的网页的数据。 Microsoft XML Core Servic...
CVE-2008-4033
CVE-2008-4033 is a cross-domain information disclosure vulnerability in Microsoft XML Core Services (MSXML) versions 3.0 through 6.0, affecting multiple products that embed MSXML (including Expression Web, Office, and Internet Explorer). The issue involves improper handling of HTTP header fields ...
MS08-069: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
The remote host is running a version of Windows that contains a flaw in the Windows XML Core Services. An attacker may be able to execute arbitrary code on the remote host by constructing a malicious script and enticing a victim to visit a website or view a specially crafted email message. C...
Microsoft XML Core Services Chunked Request (MS08-069; CVE-2008-4033)
MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. An information disclosure vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due t...