Vulnerabilities > Microsoft > Expression WEB

DATE CVE VULNERABILITY TITLE RISK
2008-11-12 CVE-2008-4033 Information Exposure vulnerability in Microsoft XML Core Services
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
network
microsoft CWE-200
4.3
2007-08-14 CVE-2007-2223 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft XML Core Services
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
network
microsoft CWE-119
critical
9.3