CVE-2007-0099
Vulnerability from cvelistv5
Published
2007-01-08 20:00
Modified
2024-08-07 12:03
Severity ?
EPSS score ?
Summary
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT080164",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "32627",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32627"
},
{
"name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
},
{
"name": "TA08-316A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
},
{
"name": "21872",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21872"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.php?storyid=2004"
},
{
"name": "23655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23655"
},
{
"name": "HPSBST02386",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
},
{
"name": "ADV-2008-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3111"
},
{
"name": "MS08-069",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
},
{
"name": "20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
},
{
"name": "1021164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021164"
},
{
"name": "oval:org.mitre.oval:def:5793",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
},
{
"name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
},
{
"name": "20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SSRT080164",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "32627",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32627"
},
{
"name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
},
{
"name": "TA08-316A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
},
{
"name": "21872",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21872"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.php?storyid=2004"
},
{
"name": "23655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23655"
},
{
"name": "HPSBST02386",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
},
{
"name": "ADV-2008-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3111"
},
{
"name": "MS08-069",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
},
{
"name": "20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
},
{
"name": "1021164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021164"
},
{
"name": "oval:org.mitre.oval:def:5793",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
},
{
"name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
},
{
"name": "20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT080164",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "32627",
"refsource": "OSVDB",
"url": "http://osvdb.org/32627"
},
{
"name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
},
{
"name": "TA08-316A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
},
{
"name": "21872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21872"
},
{
"name": "http://isc.sans.org/diary.php?storyid=2004",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.php?storyid=2004"
},
{
"name": "23655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23655"
},
{
"name": "HPSBST02386",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
},
{
"name": "20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
},
{
"name": "ADV-2008-3111",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3111"
},
{
"name": "MS08-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
},
{
"name": "20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
},
{
"name": "1021164",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021164"
},
{
"name": "oval:org.mitre.oval:def:5793",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
},
{
"name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
},
{
"name": "20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0099",
"datePublished": "2007-01-08T20:00:00",
"dateReserved": "2007-01-08T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73052210-0B42-46AA-9F28-AAE3E9B6DE87\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \\\"MSXML Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Una condici\\u00f3n de carrera en el m\\u00f3dulo msxml3 de Microsoft XML Core Services versi\\u00f3n 3.0, tal como es usado en Internet Explorer versi\\u00f3n 6 y otras aplicaciones, permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (bloqueo de aplicaci\\u00f3n) por medio de muchas etiquetas anidadas en un documento XML en un IFRAME, cuando la representaci\\u00f3n de documentos sincr\\u00f3nicos se interrumpe con frecuencia con eventos asincr\\u00f3nicos, como es demostrado mediante un temporizador de JavaScript, que puede desencadenar una desreferencia de puntero NULL o corrupci\\u00f3n de memoria, tambi\\u00e9n se conoce como \\\"MSXML Memory Corruption Vulnerability\\\".\"}]",
"id": "CVE-2007-0099",
"lastModified": "2024-11-21T00:24:58.047",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2007-01-08T20:28:00.000",
"references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://isc.sans.org/diary.php?storyid=2004\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/32627\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2007/Jan/0110.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/23655\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1021164\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/455965/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/455986/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/456343/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/21872\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-316A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3111\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://isc.sans.org/diary.php?storyid=2004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/32627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2007/Jan/0110.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/23655\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1021164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/455965/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/455986/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/456343/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/21872\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-316A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3111\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2007-0099\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-08T20:28:00.000\",\"lastModified\":\"2024-11-21T00:24:58.047\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \\\"MSXML Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Una condici\u00f3n de carrera en el m\u00f3dulo msxml3 de Microsoft XML Core Services versi\u00f3n 3.0, tal como es usado en Internet Explorer versi\u00f3n 6 y otras aplicaciones, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de muchas etiquetas anidadas en un documento XML en un IFRAME, cuando la representaci\u00f3n de documentos sincr\u00f3nicos se interrumpe con frecuencia con eventos asincr\u00f3nicos, como es demostrado mediante un temporizador de JavaScript, que puede desencadenar una desreferencia de puntero NULL o corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \\\"MSXML Memory Corruption Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73052210-0B42-46AA-9F28-AAE3E9B6DE87\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://isc.sans.org/diary.php?storyid=2004\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/32627\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2007/Jan/0110.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23655\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021164\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/455965/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/455986/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/456343/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/21872\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-316A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/3111\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://isc.sans.org/diary.php?storyid=2004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/32627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2007/Jan/0110.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23655\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/455965/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/455986/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/456343/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/21872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-316A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/3111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.