Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4033

Severity
4.3 MEDIUM
EPSS
62.6%
top 1.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Nov 12
Latest update: May 2

Description

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

NVD: microsoft/xml_core_services (4 versions, +3)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-65h5-7wf2-rcj3: Cross-domain vulnerability in Microsoft XML Core Services 3 (2022-05-02)
CVEList
CVE-2008-4033: Cross-domain vulnerability in Microsoft XML Core Services 3 (2008-11-12)

💥Exploits & PoCs

1
Exploit-DB
Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069) (2008-11-23)