Content
(MS08-069) Microsoft MSXML DTD Cross-Domain Scripting Vulnerability (955218)
- Type
- Logic error
- Impact of exploitation
- Information disclosure
- User Interaction
- user interaction is needed
- Attack Vector
- Website or e-mail with malicious content
- Rating
- Medium
- CVE reference
- CVE-2008-4029,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Xml Core Services 3.0,
- Xml Core Services 4.0,
- Summary
- A vulnerability exists in Microsoft XML Core Services which may allow for information disclosure.
Tab Navigation
Description
A vulnerability exists in Microsoft XML Core Services which may allow for information disclosure. The flaw lies in the method used by MSXML to handle error checks for various external document type definitions (DTDs). Successful exploitation would require that a user visit a web page with specially-crafted content, or open a HTML-formatted email.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft(955218): http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS08-069) Microsoft MSXML DTD Cross-Domain Scripting Vulnerability (955218)
- Signature identifier:
- 6218
- Release date:
- 11/11/2008
Additional Resources
Microsoft Security Bulletin: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
All Information
Timeline -
11/11/2008
Vendor has provided a patch.
Description -
A vulnerability exists in Microsoft XML Core Services which may allow for information disclosure. The flaw lies in the method used by MSXML to handle error checks for various external document type definitions (DTDs). Successful exploitation would require that a user visit a web page with specially-crafted content, or open a HTML-formatted email.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft(955218): http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS08-069) Microsoft MSXML DTD Cross-Domain Scripting Vulnerability (955218)
- Signature identifier:
- 6218
- Release date:
- 11/11/2008
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
