CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0099

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1820%
EPSS Percentile29.15th
PublishedJan 8, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Xml Core Services

= 3.0
πŸ“¦
Microsoft

Internet Explorer

= 6

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html
πŸ”— http://isc.sans.org/diary.php?storyid=2004
πŸ”— http://marc.info/?l=bugtraq&m=122703006921213&w=2
πŸ”— http://osvdb.org/32627
πŸ”— http://seclists.org/fulldisclosure/2007/Jan/0110.html
πŸ”— http://secunia.com/advisories/23655
πŸ”— http://securitytracker.com/id?1021164
πŸ”— http://www.securityfocus.com/archive/1/455965/100/0/threaded

Related Vulnerabilities

CVE-2010-25619.3

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbi...

CVE-2013-00079.3

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to ex...

CVE-2007-22239.3

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method...

CVE-2014-41189.3

XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win...