{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T21:04:37.217","vulnerabilities":[{"cve":{"id":"CVE-2008-4033","sourceIdentifier":"secure@microsoft.com","published":"2008-11-12T23:30:02.727","lastModified":"2026-04-23T00:35:47.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka \"MSXML Header Request Vulnerability.\""},{"lang":"es","value":"Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expression Web, Office, Internet Explorer y otros productos; permite a atacantes remotos obtener información sensible de otro dominio y corromper el estado de la sesión a través de solicitudes de campos de cabecera HTTP, como se ha demostrado con el campo Transfer-Encoding. También se conoce como \"Vulnerabilidad de la solicitud de la cabecera MSXML\"."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*","matchCriteriaId":"3C9B9BE3-6F83-469E-834F-3E00CFECD8E2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*","matchCriteriaId":"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*","matchCriteriaId":"FE8F4276-4D97-480D-A542-FE9982FFD765"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*","matchCriteriaId":"2978BF86-5A1A-438E-B81F-F360D0E30C9C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*","matchCriteriaId":"D56B932B-9593-44E2-B610-E4EB2143EB21"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*","matchCriteriaId":"7519928D-0FF2-4584-8058-4C7764CD5671"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*","matchCriteriaId":"0C28897B-044A-447B-AD76-6397F8190177"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*","matchCriteriaId":"32623D48-7000-4C7D-823F-7D2A9841D88C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*","matchCriteriaId":"36559BC0-44D7-48B3-86FF-1BFF0257B5ED"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*","matchCriteriaId":"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*","matchCriteriaId":"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*","matchCriteriaId":"0A0D2704-C058-420B-B368-372D1129E914"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*","matchCriteriaId":"9B339C33-8896-4896-88FF-88E74FDBC543"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*","matchCriteriaId":"CE477A73-4EE4-41E9-8694-5A3D5DC88656"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*","matchCriteriaId":"73052210-0B42-46AA-9F28-AAE3E9B6DE87"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*","matchCriteriaId":"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*","matchCriteriaId":"FE8F4276-4D97-480D-A542-FE9982FFD765"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*","matchCriteriaId":"2978BF86-5A1A-438E-B81F-F360D0E30C9C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*","matchCriteriaId":"32623D48-7000-4C7D-823F-7D2A9841D88C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*","matchCriteriaId":"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*","matchCriteriaId":"9B339C33-8896-4896-88FF-88E74FDBC543"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*","matchCriteriaId":"CE477A73-4EE4-41E9-8694-5A3D5DC88656"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*","matchCriteriaId":"4170FCB7-274C-4318-B7A1-8F18DE604A2D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*","matchCriteriaId":"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*","matchCriteriaId":"FE8F4276-4D97-480D-A542-FE9982FFD765"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*","matchCriteriaId":"2978BF86-5A1A-438E-B81F-F360D0E30C9C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*","matchCriteriaId":"32623D48-7000-4C7D-823F-7D2A9841D88C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*","matchCriteriaId":"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:*","matchCriteriaId":"ABBA5D64-4184-4420-B7D0-A4E41359AA5A"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*","matchCriteriaId":"CE477A73-4EE4-41E9-8694-5A3D5DC88656"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*","matchCriteriaId":"9B91A0AA-44C0-4ED8-A7AC-54C9C83FFEFE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*","matchCriteriaId":"2876FC23-21A0-4F56-B0D9-11187173F7D7"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*","matchCriteriaId":"F6761A1C-EC1C-4B00-8126-D58DAB51267A"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:groove:2007:*:*:*:*:*:*:*","matchCriteriaId":"355F60DB-EC9A-4054-8023-BD16D5723C9F"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*","matchCriteriaId":"A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*","matchCriteriaId":"69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:office_compatibility_pack:*:*:*:*:*:*:*:*","matchCriteriaId":"53DC2480-5B8D-4E96-BD54-17561B1FFE7F"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:office_compatibility_pack:*:sp1:*:*:*:*:*:*","matchCriteriaId":"C0BBD1BF-B54F-41C7-AB52-0B93E647C98D"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*","matchCriteriaId":"B4B148CC-6C58-411B-8503-01F3BE1D5906"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2007:*:*:*:*:*:*:*","matchCriteriaId":"864B622E-B522-4791-AC82-0711130544BA"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:*","matchCriteriaId":"CF3C2971-447B-4054-86C6-3169B82E525B"}]}]}],"references":[{"url":"http://marc.info/?l=bugtraq&m=122703006921213&w=2","source":"secure@microsoft.com"},{"url":"http://securitytracker.com/id?1021164","source":"secure@microsoft.com"},{"url":"http://www.securityfocus.com/bid/32204","source":"secure@microsoft.com","tags":["Patch"]},{"url":"http://www.us-cert.gov/cas/techalerts/TA08-316A.html","source":"secure@microsoft.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.vupen.com/english/advisories/2008/3111","source":"secure@microsoft.com"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069","source":"secure@microsoft.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847","source":"secure@microsoft.com"},{"url":"http://marc.info/?l=bugtraq&m=122703006921213&w=2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://securitytracker.com/id?1021164","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/32204","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.us-cert.gov/cas/techalerts/TA08-316A.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.vupen.com/english/advisories/2008/3111","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}