vendor:
Windows XP
by:
milw0rm.com
7.5
CVSS
HIGH
XML External Entity Injection
611
CWE
Product Name: Windows XP
Affected Version From: Windows XP SP2
Affected Version To: Server 2008
Patch Exists: YES
Related CWE: CVE-2008-4030
CPE: o:microsoft:windows_xp::sp2:
Metasploit:
https://www.rapid7.com/db/vulnerabilities/oracle-mysql-cve-2009-4030/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4030/, https://www.rapid7.com/db/vulnerabilities/apple-osx-mysql-cve-2009-4030/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-4030/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0110/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008
KB955218 – CVE-2008-4029 – JA
This vulnerability allows remote attackers to read arbitrary files via a crafted XML document, related to an XML External Entity (XXE) injection in the MSXML parser. This vulnerability affects Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008. This vulnerability is related to CVE-2008-4030.
Mitigation:
Microsoft has released a set of patches for this vulnerability.