返回 CVE 瀏覽器

CVE-2007-0099

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.1820%

EPSS Percentile29.15th

Published2007年1月8日

Last Modified2026年4月23日

Vulnerability Description

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

Xml Core Services

= 3.0

📦

Microsoft

Internet Explorer

= 6

References & Advisories

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html

🔗 http://isc.sans.org/diary.php?storyid=2004

🔗 http://marc.info/?l=bugtraq&m=122703006921213&w=2

🔗 http://osvdb.org/32627

🔗 http://seclists.org/fulldisclosure/2007/Jan/0110.html

🔗 http://secunia.com/advisories/23655

🔗 http://securitytracker.com/id?1021164

🔗 http://www.securityfocus.com/archive/1/455965/100/0/threaded

相關漏洞威脅

CVE-2010-25619.3

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbi...

CVE-2013-00079.3

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to ex...

CVE-2007-22239.3

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method...

CVE-2014-41189.3

XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win...