CVE-2007-0099

CWE-362 — Race Condition3 documents3 sources

Severity

9.3CRITICAL

EPSS

56.5%

top 1.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer Microsoft XML Core Services

Timeline

PublishedJan 8

Latest updateMay 1

Description

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corrupti…

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/xml_core_services3.0

▶NVDmicrosoft/internet_explorer6

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-59gp-6qvh-c3pg: Race condition in the msxml3 module in Microsoft XML Core Services 3↗2022-05-01

▶

CVEList

CVE-2007-0099: Race condition in the msxml3 module in Microsoft XML Core Services 3↗2007-01-08

▶