This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2009-02-04 |
| Product | Xml Core Services | Last view | 2009-02-04 |
| Version | * | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:xml_core_services | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2009-02-04 | CVE-2009-0419 | Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 56438 | Microsoft XML Core Services Set-Cookie HTTP Response Header Restriction Weakness |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-02-18 | Name : Microsoft XML Core Service Information Disclosure Vulnerability File : nvt/secpod_ms_xml_core_svc_info_disc_vuln.nasl |
