Think you have a false positive on this rule?

Sid 1-51038

Message

BROWSER-IE Microsoft XML core services cross-domain information disclosure attempt

Summary

This event is generated when traffic that meets the vulnerability outlined in CVE-2008-4033 is detected.

Impact

Information disclosure

CVE-2008-4033:

CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Detailed information

CVE-2008-4033: Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

Affected systems

  • microsoft xmlcoreservices 3.0
  • microsoft xmlcoreservices 4.0
  • microsoft xmlcoreservices 5.0
  • microsoft xmlcoreservices 6.0

Ease of attack

CVE-2008-4033:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2008-4033