Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2009-02-04 |
Product | Xml Core Services | Last view | 2009-02-04 |
Version | * | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:microsoft:xml_core_services |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5 | 2009-02-04 | CVE-2009-0419 | Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
56438 | Microsoft XML Core Services Set-Cookie HTTP Response Header Restriction Weakness |
OpenVAS Exploits
id | Description |
---|---|
2009-02-18 | Name : Microsoft XML Core Service Information Disclosure Vulnerability File : nvt/secpod_ms_xml_core_svc_info_disc_vuln.nasl |