mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 03:02:30 +00:00
1.0 KiB
1.0 KiB
CVE-2007-0099
Description
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."
POC
Reference
- http://isc.sans.org/diary.php?storyid=2004
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069
Github
No PoCs found on GitHub currently.