Gravedad: Medio
  Identificadores de CVE : CVE-2008-4033
  Fecha recomendada: 21 de julio de 2015

  Descripción

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

  Revelación de la información

Apply associated Trend Micro DPI Rules.

  Soluciones

  Trend Micro Deep Security DPI Rule Number: 1003012
  Trend Micro Deep Security DPI Rule Name: 1003012 - MSXML Header Request Vulnerability

  Software y versión afectados

  • Microsoft 20007_Office_System sp1
  • Microsoft Expression_web 2
  • Microsoft Office 2003
  • Microsoft Office_compatibility_pack_for_word_excel_ppt_2007
  • Microsoft Office_groove_server 2007
  • Microsoft Office_sharepoint_server 2007
  • Microsoft Word_Viewer 2003