Gravité: : Medium
  Identifiant(s) CVE: : CVE-2008-4033
  Date du conseil: 21 juillet 2015

  Description

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

  Information Exposure Rating:

Apply associated Trend Micro DPI Rules.

  Solutions

  Trend Micro Deep Security DPI Rule Number: 1003012
  Trend Micro Deep Security DPI Rule Name: 1003012 - MSXML Header Request Vulnerability

  Affected software and version:

  • Microsoft 20007_Office_System sp1
  • Microsoft Expression_web 2
  • Microsoft Office 2003
  • Microsoft Office_compatibility_pack_for_word_excel_ppt_2007
  • Microsoft Office_groove_server 2007
  • Microsoft Office_sharepoint_server 2007
  • Microsoft Word_Viewer 2003