Christian Kulenkampff

**Name of the Vulnerable Software and Affected Versions** Microsoft XML Core Services (aka MSXML) versions 3.0 through 6.0 **Description** The issue is related to the processing of XML content and allows attackers to gain access to confidential information. It does not properly restrict the information transmitted by Internet Explorer during a download action, enabling remote attackers to discover full pathnames on the client system and local usernames embedded in these pathnames via a crafted web site. **Recommendations** For Microsoft XML Core Services (aka MSXML) versions 3.0 through 6.0, consider restricting the information transmitted by Internet Explorer during download actions to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of MSXML for handling XML content until a patch is available.