CVE-2007-0099

Name of the Vulnerable Software and Affected Versions Microsoft XML Core Services 3.0

Description A race condition in the msxml3 module allows remote attackers to execute arbitrary code or cause a denial of service via many nested tags in an XML document in an IFRAME. This issue can be triggered when synchronous document rendering is frequently disrupted with asynchronous events, such as using a JavaScript timer, leading to NULL pointer dereferences or memory corruption.

Recommendations For Microsoft XML Core Services 3.0, consider disabling the msxml3 module as a temporary workaround until a patch is available. Restrict access to XML documents with many nested tags to minimize the risk of exploitation. Avoid using synchronous document rendering in applications that handle XML documents from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.