cbcvebase.
CVE-2008-4029
published 2008-11-12

CVE-2008-4029: Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information…

PriorityP430medium4.3CVSS 2.0
AVNACMAuNCPINAN
EXPLOIT
EPSS
26.74%
97.8th percentile
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://www.milw0rm.com/forfun.dtd
otherMsxml2.DOMDocument.3.0
  • Detect instantiation of Msxml2.DOMDocument.3.0 or 4.0 ActiveX objects in script contexts loading external DTDs from cross-domain URLs, which is the exploitation primitive for this vulnerability.
  • Monitor for crafted XML documents that reference external DTD URLs across domains; the exploit triggers a parseError.srcText disclosure when the external DTD load fails, leaking cross-domain information.
  • Look for exploitation attempts targeting Microsoft XML Core Services 3.0 and 4.0 as used in Internet Explorer, specifically improper error checks for external DTDs (patched by MS08-069 / KB955218).
  • ·The exploit PoC uses dom.async = false to force synchronous XML loading, which is required for the cross-domain DTD error disclosure to work; async=true loads would not trigger the same information leak path.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.