CVE-2007-0099

General

Score: 9.3/10.0
Severity: High
Category: Interaction Error
Exploit: Available

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Related vulnerabilities

CVE-2008-4029, CVE-2008-4033

Published on 08/01/07 - Updated on 11/10/17

Description

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

Category: Interaction Error

CWE-362 (Race Conditions)
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Security Notices

US National Vulnerability Database: CVE-2007-0099
Agence Nationale de la Sécurité des Systèmes d'Information: CERTA-2008-AVI-550
Microsoft: MS08-069

Exploits

SecurityFocus: BID-21872

Related technologies

Vendor: microsoft, Product: internet_explorer
Vendor: microsoft, Product: xml_core_services
