4.3
CVE-2008-4033
- EPSS 62.58%
- Published 12.11.2008 23:30:02
- Last modified 09.04.2025 00:30:58
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Xml Core Services Version4.0
Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows 7
Microsoft ≫ Windows 7 Updatesp1
Microsoft ≫ Windows Server 2008 Updatesp2
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Server 2008 Versionr2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1
Microsoft ≫ Windows Vista Updatesp1
Microsoft ≫ Windows Vista Updatesp2
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows 7
Microsoft ≫ Windows 7 Updatesp1
Microsoft ≫ Windows Server 2008 Updatesp2
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Server 2008 Versionr2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1
Microsoft ≫ Windows Vista Updatesp1
Microsoft ≫ Windows Vista Updatesp2
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Xml Core Services Version3.0
Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Vista Updatesp1
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Vista Updatesp1
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Xml Core Services Version6.0
Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Vista Updatesp1
Microsoft ≫ Windows Xp Updatesp2 HwPlatformx64
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Vista Updatesp1
Microsoft ≫ Windows Xp Updatesp2 HwPlatformx64
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Xml Core Services Version5.0
Microsoft ≫ Expression Web
Microsoft ≫ Expression Web Version2
Microsoft ≫ Groove Version2007
Microsoft ≫ Office Version2003 Updatesp3
Microsoft ≫ Office Version2007 Updatesp1
Microsoft ≫ Office Compatibility Pack
Microsoft ≫ Office Compatibility Pack Updatesp1
Microsoft ≫ Office Word Viewer Version2003 Updatesp3
Microsoft ≫ Sharepoint Server Version2007
Microsoft ≫ Sharepoint Server Version2007 Updatesp1
Microsoft ≫ Expression Web Version2
Microsoft ≫ Groove Version2007
Microsoft ≫ Office Version2003 Updatesp3
Microsoft ≫ Office Version2007 Updatesp1
Microsoft ≫ Office Compatibility Pack
Microsoft ≫ Office Compatibility Pack Updatesp1
Microsoft ≫ Office Word Viewer Version2003 Updatesp3
Microsoft ≫ Sharepoint Server Version2007
Microsoft ≫ Sharepoint Server Version2007 Updatesp1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 62.58% | 0.983 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.