PT-2008-5344 · Microsoft · Xml Core Services
Gregory Fleischer
·
Published
2008-11-12
·
Updated
2023-12-07
·
CVE-2008-4029
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft XML Core Services versions 3.0 through 4.0
Description
The issue allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs.
Recommendations
For Microsoft XML Core Services versions 3.0 through 4.0, consider applying configuration changes to restrict the processing of external DTDs in XML documents to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xml Core Services