cvelistv5 - CVE-2007-0099

CVE-2007-0099 (GCVE-0-2007-0099)

Vulnerability from cvelistv5 – Published: 2007-01-08 20:00 – Updated: 2024-08-07 12:03

Summary

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://marc.info/?l=bugtraq&m=122703006921213&w=2	vendor-advisoryx_refsource_HP
	http://osvdb.org/32627	vdb-entryx_refsource_OSVDB
	http://seclists.org/fulldisclosure/2007/Jan/0110.html	mailing-listx_refsource_FULLDISC
	http://www.us-cert.gov/cas/techalerts/TA08-316A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/21872	vdb-entryx_refsource_BID
	http://isc.sans.org/diary.php?storyid=2004	x_refsource_MISC
	http://secunia.com/advisories/23655	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=122703006921213&w=2	vendor-advisoryx_refsource_HP
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://www.vupen.com/english/advisories/2008/3111	vdb-entryx_refsource_VUPEN
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/archive/1/455986/100…	mailing-listx_refsource_BUGTRAQ
	http://securitytracker.com/id?1021164	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/455965/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/456343/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:37.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT080164",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
          },
          {
            "name": "32627",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/32627"
          },
          {
            "name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
          },
          {
            "name": "TA08-316A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
          },
          {
            "name": "21872",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21872"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.php?storyid=2004"
          },
          {
            "name": "23655",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23655"
          },
          {
            "name": "HPSBST02386",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
          },
          {
            "name": "20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
          },
          {
            "name": "ADV-2008-3111",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3111"
          },
          {
            "name": "MS08-069",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
          },
          {
            "name": "20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
          },
          {
            "name": "1021164",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021164"
          },
          {
            "name": "oval:org.mitre.oval:def:5793",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
          },
          {
            "name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
          },
          {
            "name": "20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SSRT080164",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
        },
        {
          "name": "32627",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/32627"
        },
        {
          "name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
        },
        {
          "name": "TA08-316A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
        },
        {
          "name": "21872",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21872"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.php?storyid=2004"
        },
        {
          "name": "23655",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23655"
        },
        {
          "name": "HPSBST02386",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
        },
        {
          "name": "20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
        },
        {
          "name": "ADV-2008-3111",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3111"
        },
        {
          "name": "MS08-069",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
        },
        {
          "name": "20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
        },
        {
          "name": "1021164",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021164"
        },
        {
          "name": "oval:org.mitre.oval:def:5793",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
        },
        {
          "name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
        },
        {
          "name": "20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0099",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT080164",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
            },
            {
              "name": "32627",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/32627"
            },
            {
              "name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
            },
            {
              "name": "TA08-316A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
            },
            {
              "name": "21872",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21872"
            },
            {
              "name": "http://isc.sans.org/diary.php?storyid=2004",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.php?storyid=2004"
            },
            {
              "name": "23655",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23655"
            },
            {
              "name": "HPSBST02386",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
            },
            {
              "name": "20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
            },
            {
              "name": "ADV-2008-3111",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3111"
            },
            {
              "name": "MS08-069",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
            },
            {
              "name": "20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
            },
            {
              "name": "1021164",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021164"
            },
            {
              "name": "oval:org.mitre.oval:def:5793",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
            },
            {
              "name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
            },
            {
              "name": "20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0099",
    "datePublished": "2007-01-08T20:00:00",
    "dateReserved": "2007-01-08T00:00:00",
    "dateUpdated": "2024-08-07T12:03:37.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73052210-0B42-46AA-9F28-AAE3E9B6DE87\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \\\"MSXML Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Una condici\\u00f3n de carrera en el m\\u00f3dulo msxml3 de Microsoft XML Core Services versi\\u00f3n 3.0, tal como es usado en Internet Explorer versi\\u00f3n 6 y otras aplicaciones, permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (bloqueo de aplicaci\\u00f3n) por medio de muchas etiquetas anidadas en un documento XML en un IFRAME, cuando la representaci\\u00f3n de documentos sincr\\u00f3nicos se interrumpe con frecuencia con eventos asincr\\u00f3nicos, como es demostrado mediante un temporizador de JavaScript, que puede desencadenar una desreferencia de puntero NULL o corrupci\\u00f3n de memoria, tambi\\u00e9n se conoce como \\\"MSXML Memory Corruption Vulnerability\\\".\"}]",
      "id": "CVE-2007-0099",
      "lastModified": "2024-11-21T00:24:58.047",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-01-08T20:28:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://isc.sans.org/diary.php?storyid=2004\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/32627\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2007/Jan/0110.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/23655\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1021164\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/455965/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/455986/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/456343/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/21872\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-316A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3111\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://isc.sans.org/diary.php?storyid=2004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/32627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2007/Jan/0110.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/23655\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1021164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/455965/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/455986/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/456343/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/21872\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-316A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3111\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0099\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-08T20:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \\\"MSXML Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Una condici\u00f3n de carrera en el m\u00f3dulo msxml3 de Microsoft XML Core Services versi\u00f3n 3.0, tal como es usado en Internet Explorer versi\u00f3n 6 y otras aplicaciones, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de muchas etiquetas anidadas en un documento XML en un IFRAME, cuando la representaci\u00f3n de documentos sincr\u00f3nicos se interrumpe con frecuencia con eventos asincr\u00f3nicos, como es demostrado mediante un temporizador de JavaScript, que puede desencadenar una desreferencia de puntero NULL o corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \\\"MSXML Memory Corruption Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73052210-0B42-46AA-9F28-AAE3E9B6DE87\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://isc.sans.org/diary.php?storyid=2004\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/32627\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2007/Jan/0110.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23655\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021164\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/455965/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/455986/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/456343/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/21872\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-316A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/3111\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://isc.sans.org/diary.php?storyid=2004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/32627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2007/Jan/0110.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23655\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/455965/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/455986/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/456343/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/21872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-316A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/3111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-550

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft XML Core Services permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance ou de porter atteinte à la confidentialité des données.

Description

Plusieurs vulnérabilités dans Microsoft XML Core Services ont été publiées :

la lecture de pages ou de courriels HTML spécialement conçus provoque une corruption de mémoire. Cette vulnérabilité peut être exploitée par un utilisateur malveillant pour exécuter du code arbitraire à distance (CVE-2007-0099). Elle ne concerne que Microsoft XML CoreServices 3.0 ;
un problème dans la gestion des DTD externes peut être exploité pour accéder à des informations d'un autre domaine dans Internet Explorer (CVE-2008-4029). Cette vulnérabilité ne concerne que Microsoft XML CoreServices 3.0 et 4.0 ;
un problème dans le traitement des en-têtes peut être exploité pour accéder à des informations d'un autre domaine dans Internet Explorer (CVE-2008-4033). Cette vulnérabilité concerne toutes les versions.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Compatibility Pack for 2007 file formats et Compatibility Pack SP1 ;
Microsoft	N/A	Windows Vista et Vista SP1, toutes éditions ;
Microsoft	N/A	Windows Server 2008, toutes éditions ;
Microsoft	N/A	Windows XP SP2 et SP3, toutes éditions ;
Microsoft	N/A	Sharepoint Server 2007 et 2007 SP1.
Microsoft	N/A	Microsoft Office 2003 SP3, 2007, 2007 SP1 et Groove Server 2007 ;
Microsoft	N/A	Expression Web et Web 2;
Microsoft	N/A	Windows Server 2003 SP1 et SP2, toutes éditions ;
Microsoft	N/A	Windows 2000 SP4, toutes éditions ;
Microsoft	N/A	Word Viewer 2003 SP3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS08-069 du 10 novembre 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Compatibility Pack for 2007 file formats et Compatibility Pack SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista et Vista SP1, toutes \u00e9ditions ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008, toutes \u00e9ditions ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP SP2 et SP3, toutes \u00e9ditions ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Sharepoint Server 2007 et 2007 SP1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 SP3, 2007, 2007 SP1 et Groove Server 2007 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Expression Web et Web 2;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP1 et SP2, toutes \u00e9ditions ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 2000 SP4, toutes \u00e9ditions ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Word Viewer 2003 SP3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Microsoft XML Core Services ont \u00e9t\u00e9\npubli\u00e9es\u00a0:\n\n-   la lecture de pages ou de courriels HTML sp\u00e9cialement con\u00e7us\n    provoque une corruption de m\u00e9moire. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre\n    exploit\u00e9e par un utilisateur malveillant pour ex\u00e9cuter du code\n    arbitraire \u00e0 distance (CVE-2007-0099). Elle ne concerne que\n    Microsoft XML CoreServices 3.0 ;\n-   un probl\u00e8me dans la gestion des DTD externes peut \u00eatre exploit\u00e9 pour\n    acc\u00e9der \u00e0 des informations d\u0027un autre domaine dans Internet Explorer\n    (CVE-2008-4029). Cette vuln\u00e9rabilit\u00e9 ne concerne que Microsoft XML\n    CoreServices 3.0 et 4.0 ;\n-   un probl\u00e8me dans le traitement des en-t\u00eates peut \u00eatre exploit\u00e9 pour\n    acc\u00e9der \u00e0 des informations d\u0027un autre domaine dans Internet Explorer\n    (CVE-2008-4033). Cette vuln\u00e9rabilit\u00e9 concerne toutes les versions.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0099"
    },
    {
      "name": "CVE-2008-4029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4029"
    },
    {
      "name": "CVE-2008-4033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4033"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-550",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft XML Core Services permettent \u00e0\nun utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ou\nde porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft XML Core Services",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-069 du 10 novembre 2008",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx"
    }
  ]
}

CERTA-2008-AVI-550

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités dans Microsoft XML Core Services ont été publiées :

la lecture de pages ou de courriels HTML spécialement conçus provoque une corruption de mémoire. Cette vulnérabilité peut être exploitée par un utilisateur malveillant pour exécuter du code arbitraire à distance (CVE-2007-0099). Elle ne concerne que Microsoft XML CoreServices 3.0 ;
un problème dans la gestion des DTD externes peut être exploité pour accéder à des informations d'un autre domaine dans Internet Explorer (CVE-2008-4029). Cette vulnérabilité ne concerne que Microsoft XML CoreServices 3.0 et 4.0 ;
un problème dans le traitement des en-têtes peut être exploité pour accéder à des informations d'un autre domaine dans Internet Explorer (CVE-2008-4033). Cette vulnérabilité concerne toutes les versions.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Compatibility Pack for 2007 file formats et Compatibility Pack SP1 ;
Microsoft	N/A	Windows Vista et Vista SP1, toutes éditions ;
Microsoft	N/A	Windows Server 2008, toutes éditions ;
Microsoft	N/A	Windows XP SP2 et SP3, toutes éditions ;
Microsoft	N/A	Sharepoint Server 2007 et 2007 SP1.
Microsoft	N/A	Microsoft Office 2003 SP3, 2007, 2007 SP1 et Groove Server 2007 ;
Microsoft	N/A	Expression Web et Web 2;
Microsoft	N/A	Windows Server 2003 SP1 et SP2, toutes éditions ;
Microsoft	N/A	Windows 2000 SP4, toutes éditions ;
Microsoft	N/A	Word Viewer 2003 SP3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS08-069 du 10 novembre 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Compatibility Pack for 2007 file formats et Compatibility Pack SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista et Vista SP1, toutes \u00e9ditions ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008, toutes \u00e9ditions ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP SP2 et SP3, toutes \u00e9ditions ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Sharepoint Server 2007 et 2007 SP1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 SP3, 2007, 2007 SP1 et Groove Server 2007 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Expression Web et Web 2;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP1 et SP2, toutes \u00e9ditions ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 2000 SP4, toutes \u00e9ditions ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Word Viewer 2003 SP3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Microsoft XML Core Services ont \u00e9t\u00e9\npubli\u00e9es\u00a0:\n\n-   la lecture de pages ou de courriels HTML sp\u00e9cialement con\u00e7us\n    provoque une corruption de m\u00e9moire. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre\n    exploit\u00e9e par un utilisateur malveillant pour ex\u00e9cuter du code\n    arbitraire \u00e0 distance (CVE-2007-0099). Elle ne concerne que\n    Microsoft XML CoreServices 3.0 ;\n-   un probl\u00e8me dans la gestion des DTD externes peut \u00eatre exploit\u00e9 pour\n    acc\u00e9der \u00e0 des informations d\u0027un autre domaine dans Internet Explorer\n    (CVE-2008-4029). Cette vuln\u00e9rabilit\u00e9 ne concerne que Microsoft XML\n    CoreServices 3.0 et 4.0 ;\n-   un probl\u00e8me dans le traitement des en-t\u00eates peut \u00eatre exploit\u00e9 pour\n    acc\u00e9der \u00e0 des informations d\u0027un autre domaine dans Internet Explorer\n    (CVE-2008-4033). Cette vuln\u00e9rabilit\u00e9 concerne toutes les versions.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0099"
    },
    {
      "name": "CVE-2008-4029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4029"
    },
    {
      "name": "CVE-2008-4033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4033"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-550",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft XML Core Services permettent \u00e0\nun utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ou\nde porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft XML Core Services",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-069 du 10 novembre 2008",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx"
    }
  ]
}

GSD-2007-0099

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0099

Aliases

CVE-2007-0099

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0099",
    "description": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\"",
    "id": "GSD-2007-0099"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0099"
      ],
      "details": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\"",
      "id": "GSD-2007-0099",
      "modified": "2023-12-13T01:21:35.973583Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0099",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SSRT080164",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
          },
          {
            "name": "32627",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32627"
          },
          {
            "name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
          },
          {
            "name": "TA08-316A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
          },
          {
            "name": "21872",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/21872"
          },
          {
            "name": "http://isc.sans.org/diary.php?storyid=2004",
            "refsource": "MISC",
            "url": "http://isc.sans.org/diary.php?storyid=2004"
          },
          {
            "name": "23655",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23655"
          },
          {
            "name": "HPSBST02386",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
          },
          {
            "name": "20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
          },
          {
            "name": "ADV-2008-3111",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/3111"
          },
          {
            "name": "MS08-069",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
          },
          {
            "name": "20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
          },
          {
            "name": "1021164",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1021164"
          },
          {
            "name": "oval:org.mitre.oval:def:5793",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
          },
          {
            "name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
          },
          {
            "name": "20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0099"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://isc.sans.org/diary.php?storyid=2004",
              "refsource": "MISC",
              "tags": [],
              "url": "http://isc.sans.org/diary.php?storyid=2004"
            },
            {
              "name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
            },
            {
              "name": "21872",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/21872"
            },
            {
              "name": "23655",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/23655"
            },
            {
              "name": "32627",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32627"
            },
            {
              "name": "20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
            },
            {
              "name": "1021164",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1021164"
            },
            {
              "name": "TA08-316A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
            },
            {
              "name": "ADV-2008-3111",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3111"
            },
            {
              "name": "SSRT080164",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:5793",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
            },
            {
              "name": "MS08-069",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
            },
            {
              "name": "20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
            },
            {
              "name": "20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
            },
            {
              "name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:31Z",
      "publishedDate": "2007-01-08T20:28Z"
    }
  }
}

FKIE_CVE-2007-0099

Vulnerability from fkie_nvd - Published: 2007-01-08 20:28 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html
cve@mitre.org	http://isc.sans.org/diary.php?storyid=2004
cve@mitre.org	http://marc.info/?l=bugtraq&m=122703006921213&w=2
cve@mitre.org	http://osvdb.org/32627
cve@mitre.org	http://seclists.org/fulldisclosure/2007/Jan/0110.html
cve@mitre.org	http://secunia.com/advisories/23655	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1021164
cve@mitre.org	http://www.securityfocus.com/archive/1/455965/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/455986/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/456343/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/21872	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-316A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3111	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.php?storyid=2004
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=122703006921213&w=2
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32627
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2007/Jan/0110.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23655	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021164
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/455965/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/455986/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/456343/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21872	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-316A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3111	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793

Impacted products

	Vendor	Product	Version
	microsoft	xml_core_services	3.0
	microsoft	internet_explorer	6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73052210-0B42-46AA-9F28-AAE3E9B6DE87",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Una condici\u00f3n de carrera en el m\u00f3dulo msxml3 de Microsoft XML Core Services versi\u00f3n 3.0, tal como es usado en Internet Explorer versi\u00f3n 6 y otras aplicaciones, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de muchas etiquetas anidadas en un documento XML en un IFRAME, cuando la representaci\u00f3n de documentos sincr\u00f3nicos se interrumpe con frecuencia con eventos asincr\u00f3nicos, como es demostrado mediante un temporizador de JavaScript, que puede desencadenar una desreferencia de puntero NULL o corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \"MSXML Memory Corruption Vulnerability\"."
    }
  ],
  "id": "CVE-2007-0099",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-01-08T20:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://isc.sans.org/diary.php?storyid=2004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32627"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23655"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1021164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21872"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3111"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary.php?storyid=2004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-59GP-6QVH-C3PG

Vulnerability from github – Published: 2022-05-01 17:41 – Updated: 2022-05-01 17:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0099"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-08T20:28:00Z",
    "severity": "HIGH"
  },
  "details": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\"",
  "id": "GHSA-59gp-6qvh-c3pg",
  "modified": "2022-05-01T17:41:40Z",
  "published": "2022-05-01T17:41:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0099"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary.php?storyid=2004"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=122703006921213\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32627"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23655"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021164"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21872"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/3111"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0099 (GCVE-0-2007-0099)

CERTA-2008-AVI-550

Description

Solution

CERTA-2008-AVI-550

Description

Solution

GSD-2007-0099

FKIE_CVE-2007-0099

GHSA-59GP-6QVH-C3PG

Tags

Sightings

Nomenclature