CVE-2008-4029

2008-11-1223:30:01

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.775

Percentile

98.3%

JSON

Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka “MSXML DTD Cross-Domain Scripting Vulnerability.”

Affected configurations

Nvd

Node

microsoftinternet_explorer

AND

microsoftwindows_2000Matchsp4

microsoftwindows_server_2003

microsoftwindows_server_2003sp1

microsoftwindows_server_2003sp1itanium

microsoftwindows_server_2003sp2

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_vista

microsoftwindows_vistax64

microsoftwindows_vistasp1

microsoftwindows_vistaMatchsp1

microsoftwindows_xpprofessional_x64

microsoftwindows_xpsp2professional_x64

microsoftwindows_xpMatch-

microsoftwindows_xpMatchsp3

VendorProductVersionCPE
microsoftinternet_explorer*cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
microsoftwindows_2000sp4cpe:2.3:o:microsoft:windows_2000:sp4:*:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	*	cpe:2.3:a:microsoft:internet_explorer::::::::
microsoft	windows_2000	sp4	cpe:2.3:o:microsoft:windows_2000:sp4:::::::*
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::::::::
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp1::::::*
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp1:itanium:::::
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::::::::