Sid 1-51038


BROWSER-IE Microsoft XML core services cross-domain information disclosure attempt


This event is generated when traffic matching the vulnerability described in CVE-2008-4033 is detected.


Information disclosure


CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Detailed information

CVE-2008-4033: Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

Affected systems

  • microsoft xmlcoreservices 3.0
  • microsoft xmlcoreservices 4.0
  • microsoft xmlcoreservices 5.0
  • microsoft xmlcoreservices 6.0

Ease of attack


Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action


  • Cisco Talos Intelligence Group

Additional References