MS08-056: Microsoft Office CDO Protocol (cdo:) Content-Disposition: Attachment Header XSS (957699)

low Nessus Plugin ID 34401

Synopsis

The remote installation of Microsoft Office is vulnerable to an information disclosure flaw.

Description

The remote host is running a version of Microsoft Office that is subject to an information disclosure flaw.

When a user clicks on a special CDO URL, an attacker could inject a client side script that could be used to disclose information.

To succeed, the attacker would have to send a rogue CDO URL to a user of the remote computer and have it click it.

Solution

Microsoft has released a set of patches for Office XP.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-056

Plugin Details

Severity: Low

ID: 34401

File Name: smb_nt_ms08-056.nasl

Version: 1.30

Type: local

Agent: windows

Published: 10/15/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 10/14/2008

Vulnerability Publication Date: 10/14/2008

Reference Information

CVE: CVE-2008-4020

BID: 31693

CWE: 79

MSFT: MS08-056

MSKB: 956464