CVE-2007-0099

Current Description

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

Basic Data

PublishedJanuary 08, 2007
Last ModifiedOctober 16, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-362
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.3
SeverityHIGH
Exploitability Score8.6
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationMicrosoftXml Core Services3.0*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationMicrosoftInternet Explorer6*******

Vulnerable Software List

VendorProductVersions
Microsoft Xml Core Services 3.0
Microsoft Internet Explorer 6

References

NameSourceURLTags
20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.htmlFULLDISC
http://isc.sans.org/diary.php?storyid=2004http://isc.sans.org/diary.php?storyid=2004MISC
SSRT080164http://marc.info/?l=bugtraq&m=122703006921213&w=2HP
32627http://osvdb.org/32627OSVDB
20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)http://seclists.org/fulldisclosure/2007/Jan/0110.htmlFULLDISC
23655http://secunia.com/advisories/23655SECUNIAVendor Advisory
1021164http://securitytracker.com/id?1021164SECTRACK
20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)http://www.securityfocus.com/archive/1/455965/100/0/threadedBUGTRAQ
20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)http://www.securityfocus.com/archive/1/455986/100/0/threadedBUGTRAQ
20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)http://www.securityfocus.com/archive/1/456343/100/0/threadedBUGTRAQ
21872http://www.securityfocus.com/bid/21872BIDPATCH
TA08-316Ahttp://www.us-cert.gov/cas/techalerts/TA08-316A.htmlCERTUS Government Resource
ADV-2008-3111http://www.vupen.com/english/advisories/2008/3111VUPENVendor Advisory
MS08-069https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069MS
oval:org.mitre.oval:def:5793https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793OVAL