CVE-2008-4029

Scores

EPSS

0.597medium59.7%

0%20%40%60%80%100%

Percentile: 59.7%

CVSS

4.3medium2.0

0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0

4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Description

Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka “MSXML DTD Cross-Domain Scripting Vulnerability.”

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-200

Exploits

Exploit ID: 7196

Source: exploitdb

URL: https://www.exploit-db.com/exploits/7196

Vulnerable Software (1)

Type: Configuration

Vendor: *

Product: internet_explorer

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": ...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_2000:sp4:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

End of list

Russian Vulnerability Scanner Database

CVE-2008-4029

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Exploits

Vulnerable Software (1)