Intrusion Prevention

MS.MSXML.DTD.Cross.Domain.Scripting

Description

This indicates a possible attempt to exploit an information disclosure vulnerability in Microsoft XML Core Services, which is caused by its way of handling error checks for external document type definitions. The vulnerability could lead to information disclosure or cross-domain attacks.

Affected Products

MSXML versions prior to v6

Impact

Information disclosure

Recommended Actions

Apply the patch, available from the vendor's web site: http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx.

CVE References

CVE-2008-4029