CVE-2008-4033
Summary
| CVE | CVE-2008-4033 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-11-12 23:30:00 UTC |
| Updated | 2018-10-12 21:48:00 UTC |
| Description | Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Expression Web | All | All | All | All |
| Application | Microsoft | Expression Web | 2 | All | All | All |
| Application | Microsoft | Groove | 2007 | All | All | All |
| Application | Microsoft | Office | 2003 | sp3 | All | All |
| Application | Microsoft | Office | 2007 | sp1 | All | All |
| Application | Microsoft | Office Compatibility Pack | All | All | All | All |
| Application | Microsoft | Office Compatibility Pack | All | sp1 | All | All |
| Application | Microsoft | Office Word Viewer | 2003 | sp3 | All | All |
| Application | Microsoft | Sharepoint Server | 2007 | All | All | All |
| Application | Microsoft | Sharepoint Server | 2007 | sp1 | All | All |
| Operating System | Microsoft | Windows 2000 | All | sp4 | All | All |
| Operating System | Microsoft | Windows 2003 Server | All | sp1 | All | All |
| Operating System | Microsoft | Windows 2003 Server | All | sp2 | All | All |
| Operating System | Microsoft | Windows 7 | All | All | All | All |
| Operating System | Microsoft | Windows 7 | All | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2008 | All | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | sp1 | All | All |
| Operating System | Microsoft | Windows Vista | All | sp1 | All | All |
| Operating System | Microsoft | Windows Vista | All | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | All | sp3 | All | All |
| Application | Microsoft | Xml Core Services | 3.0 | All | All | All |
| Application | Microsoft | Xml Core Services | 4.0 | All | All | All |
| Application | Microsoft | Xml Core Services | 5.0 | All | All | All |
| Application | Microsoft | Xml Core Services | 6.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SSRT080164 | HP | marc.info | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability | BID | www.securityfocus.com | Patch |
| Microsoft XML Core Services (MSXML) Bugs Let Remote Users Obtain Information and Execute Arbitrary Code - SecurityTracker | SECTRACK | securitytracker.com | |
| US-CERT Technical Cyber Security Alert TA08-316A -- Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | Third Party Advisory, US Government Resource |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | |
| Microsoft Security Bulletin MS08-069 - Critical \| Microsoft Docs | MS | docs.microsoft.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.