Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability

info
discussion
exploit
solution
references

Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability

Microsoft XML Core Services (MSXML) is prone to a cross-domain information-disclosure vulnerability because the application fails to properly handle certain error checks.

An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain. Information obtained may aid in further attacks.