CVE-2008-4029

Microsoft XML Core Services <4.0 - Info Disclosure

Title source: llm

Description

Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."

Exploits (1)

exploitdb WORKING POC
htmlremotewindows
https://www.exploit-db.com/exploits/7196

References (7)

Scores

EPSS 0.5973
EPSS Percentile 98.2%

Classification

CWE
CWE-200
Status draft

Affected Products (1)

microsoft/internet_explorer

Timeline

Published Nov 12, 2008
Tracked Since Feb 18, 2026