CVE-2007-0099 - OpenCVE

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Internet Explorer Xml Core Services

Configuration 1 [-]

AND

cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html
http://isc.sans.org/diary.php?storyid=2004
http://marc.info/?l=bugtraq&m=122703006921213&w=2
http://osvdb.org/32627
http://seclists.org/fulldisclosure/2007/Jan/0110.html
http://secunia.com/advisories/23655	Vendor Advisory
http://securitytracker.com/id?1021164
http://www.securityfocus.com/archive/1/455965/100/0/threaded
http://www.securityfocus.com/archive/1/455986/100/0/threaded
http://www.securityfocus.com/archive/1/456343/100/0/threaded
http://www.securityfocus.com/bid/21872	Patch
http://www.us-cert.gov/cas/techalerts/TA08-316A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3111	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-08T20:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-01-08T00:00:00

Link: CVE-2007-0099

JSON object: View

NVD Information

Status : Modified

Published: 2007-01-08T20:28:00.000

Modified: 2018-10-16T16:31:09.353

Link: CVE-2007-0099

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SSRT080164", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=122703006921213&w=2"}, {"name": "32627", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32627"}, {"name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"}, {"name": "TA08-316A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"}, {"name": "21872", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21872"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.org/diary.php?storyid=2004"}, {"name": "23655", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23655"}, {"name": "HPSBST02386", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=122703006921213&w=2"}, {"name": "20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"}, {"name": "ADV-2008-3111", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3111"}, {"name": "MS08-069", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"}, {"name": "20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"}, {"name": "1021164", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1021164"}, {"name": "oval:org.mitre.oval:def:5793", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"}, {"name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"}, {"name": "20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0099", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SSRT080164", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=122703006921213&w=2"}, {"name": "32627", "refsource": "OSVDB", "url": "http://osvdb.org/32627"}, {"name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"}, {"name": "TA08-316A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"}, {"name": "21872", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21872"}, {"name": "http://isc.sans.org/diary.php?storyid=2004", "refsource": "MISC", "url": "http://isc.sans.org/diary.php?storyid=2004"}, {"name": "23655", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23655"}, {"name": "HPSBST02386", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=122703006921213&w=2"}, {"name": "20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"}, {"name": "ADV-2008-3111", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3111"}, {"name": "MS08-069", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"}, {"name": "20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"}, {"name": "1021164", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021164"}, {"name": "oval:org.mitre.oval:def:5793", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"}, {"name": "20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"}, {"name": "20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0099", "datePublished": "2007-01-08T20:00:00", "dateReserved": "2007-01-08T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "73052210-0B42-46AA-9F28-AAE3E9B6DE87", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka \"MSXML Memory Corruption Vulnerability.\""}, {"lang": "es", "value": "Una condici\u00f3n de carrera en el m\u00f3dulo msxml3 de Microsoft XML Core Services versi\u00f3n 3.0, tal como es usado en Internet Explorer versi\u00f3n 6 y otras aplicaciones, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de muchas etiquetas anidadas en un documento XML en un IFRAME, cuando la representaci\u00f3n de documentos sincr\u00f3nicos se interrumpe con frecuencia con eventos asincr\u00f3nicos, como es demostrado mediante un temporizador de JavaScript, que puede desencadenar una desreferencia de puntero NULL o corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \"MSXML Memory Corruption Vulnerability\"."}], "id": "CVE-2007-0099", "lastModified": "2018-10-16T16:31:09.353", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-01-08T20:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html"}, {"source": "cve@mitre.org", "url": "http://isc.sans.org/diary.php?storyid=2004"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=122703006921213&w=2"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32627"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2007/Jan/0110.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23655"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1021164"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/455965/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/455986/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456343/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21872"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-316A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/3111"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5793"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}