Vulnerability Description
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | XML Core Services | 4.0 |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows 7 | All versions |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows XP | All versions |
| Microsoft | Expression Web | All versions |
| Microsoft | Groove | 2007 |
| Microsoft | Office | 2003 |
| Microsoft | Office Compatibility Pack | All versions |
| Microsoft | Office Word Viewer | 2003 |
| Microsoft | SharePoint Server | 2007 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=122703006921213&w=2
- http://securitytracker.com/id?1021164
- http://www.securityfocus.com/bid/32204 (Patch)
- http://www.us-cert.gov/cas/techalerts/TA08-316A.html (Third Party Advisory, US Government Resource)
- http://www.vupen.com/english/advisories/2008/3111
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-06
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2008-4033?
CVE-2008-4033 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensiti...
How severe is CVE-2008-4033?
CVE-2008-4033 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-4033?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft XML Core Services, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows 7, Microsoft Windows Server 2008.