PT-2008-5348 · Microsoft · Xml Core Services+3

Stefano Di Paola · Published 2008-11-12 · Updated 2018-10-12 · CVE-2008-4033

CVSS v2.0: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft XML Core Services versions 3.0 through 6.0

Description: The issue allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, such as the Transfer-Encoding field. This could enable an attacker to read data from a Web page in another domain in Internet Explorer if a user browses a Web site that contains specially crafted content or opens specially crafted HTML e-mail.

Recommendations: For Microsoft XML Core Services versions 3.0 through 6.0, consider disabling the handling of Transfer-Encoding headers as a temporary workaround until a patch is available. Restrict access to specially crafted Web sites and HTML e-mail to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2008-4033

Affected Products

Internet Explorer
Xml Core Services
Office
Office Visio