Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4033

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-4033
Last Modified 10 Aug 2015 10:56:59
Published 12 Nov 2008 06:30:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4033

Summary

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

Vulnerable Systems

Application

  • Microsoft 20007 Office System

  • Microsoft 20007 Office System Sp1

  • Microsoft Expression Web

  • Microsoft Expression Web 2

  • Microsoft Office 2003

  • Microsoft Office Compatibility Pack For Word Excel Ppt 2007

  • Microsoft Office Groove Server 2007

  • Microsoft Office Sharepoint Server 2007

  • Microsoft Word Viewer 2003

  • Microsoft Xml Core Services 3.0

  • Microsoft Xml Core Services 4.0

  • Microsoft Xml Core Services 5.0

  • Microsoft Xml Core Services 6.0


References

CERT - TA08-316A

BID - 32204

VUPEN - ADV-2008-3111

MS - MS08-069

SECTRACK - 1021164

HP - SSRT080164

HP - HPSBST02386


Last Updated: 27 May 2016 10:55:04