MS08-055: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (955047)

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.

Synopsis :

Arbitrary code can be executed on the remote host through Microsoft

Description :

The version of Microsoft Office running on the remote host is affected
by an argument injection vulnerability. By convincing a user to click
on a specially crafted OneNote URL, a remote attacker can exploit this
to execute arbitrary code or view or change data with current user

See also :

Solution :

Microsoft has released a set of patches for Office XP, 2003, 2007 and
OneNote 2007.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 34123 ()

Bugtraq ID: 31067

CVE ID: CVE-2008-3007

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now