MS.XML.Core.Services.Information

Name	MS.XML.Core.Services.Information.Disclosure
Release Date	Nov 14, 2008
Severity	Low
Impact	Information disclosure.
Description	This indicates a possible attempt to exploit an information disclosure vulnerability in Microsoft XML Core Services. The vulnerability is caused by an error that occurs when the vulnerable module handles a specially crafted transfer-encoding header. It allows information disclosure if a user browses to a malicious Web site.
Affected Products	Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows XP Service Pack 3 Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 Service Pack 2 Microsoft Windows Vista Microsoft Windows Vista Service Pack 1 Microsoft Windows Vista x64 Edition Microsoft Windows Vista x64 Edition Service Pack 1 Microsoft Windows Server 2008 for 32-bit Systems* Microsoft Windows Server 2008 for x64-based Systems* Microsoft Windows Server 2008 for Itanium-based Systems
Recommended Actions	Apply patch: http://www.microsoft.com/technet/security/Bulletin/ms08-069.mspx.
Common Vulnerabilities and Exposures (CVE)	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4033
Microsoft Bulletin ID	MS08-069 http://www.microsoft.com/technet/security/Bulletin/ms08-069.mspx

Reference: VID-16124