Content
(MS08-069) Microsoft MSXML Chunked Request Vulnerability (955218)
- Type
- Logic error
- Impact of exploitation
- Information disclosure
- User Interaction
- user interaction is needed
- Attack Vector
- Authenticated locally logged on user with limited privileges
- Rating
- Medium
- CVE reference
- CVE-2008-4033,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Xml Core Services 3.0,
- Xml Core Services 4.0,
- Xml Core Services 6.0,
- XML Core Services 5.0,
- Summary
- A vulnerability exists in Microsoft XML Core Services which may allow for information disclosure.
Tab Navigation
Description
A vulnerability exists in Microsoft XML Core Services which may allow for information disclosure. The flaw is specific to the method used by MSXML to handle transfer-encoding headers. Successful exploitation could be achieved if a user is lured into browsing a website, or reads an HTML-formatted email, which contains specially crafted content.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft(955218): http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS08-069) Microsoft MSXML Chunked Request Vulnerability (955218)
- Signature identifier:
- 6219
- Release date:
- 11/11/2008
Additional Resources
Microsoft Security Bulletin: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
All Information
Timeline -
11/11/2008
Vendor has provided a patch.
Description -
A vulnerability exists in Microsoft XML Core Services which may allow for information disclosure. The flaw is specific to the method used by MSXML to handle transfer-encoding headers. Successful exploitation could be achieved if a user is lured into browsing a website, or reads an HTML-formatted email, which contains specially crafted content.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft(955218): http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS08-069) Microsoft MSXML Chunked Request Vulnerability (955218)
- Signature identifier:
- 6219
- Release date:
- 11/11/2008
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
