CVE-2008-4033

medium Microsoft
CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS Score
62.6%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None
Published: November 12, 2008 (6391 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

CWE

CWE-200

Affected Products

microsoft xml core services

References

🔗 marc.info 🔗 securitytracker.com 🔗 www.securityfocus.com 🔗 www.us-cert.gov 🔗 www.vupen.com