Intrusion Prevention

MS.MSXML.DTD.Cross.Domain.Scripting.Information.Disclosure

Description

This indicates a possible attempt to exploit an Information Disclosure vulnerability in Microsoft XML Core Services.
The vulnerability is caused by the software's mishandling of error checks for external document type definitions. It could lead to information disclosure or cross-domain attacks.

Affected Products

Microsoft XML Core Services version 6.0 and earlier.

Impact

Information disclosure.

Recommended Actions

Apply the patch, available from the vendor's web site:
http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx

CVE References

CVE-2008-4029