MS08-056: Microsoft Office CDO Protocol (cdo:) Content-Disposition: Attachment Header XSS (957699)

Low Nessus Plugin ID 34401


The remote installation of Microsoft Office is vulnerable to an information disclosure flaw.


The remote host is running a version of Microsoft Office that is subject to an information disclosure flaw.

When a user clicks on a special CDO URL, an attacker could inject a client side script that could be used to disclose information.

To succeed, the attacker would have to send a rogue CDO URL to a user of the remote computer and have it click it.


Microsoft has released a set of patches for Office XP.

See Also

Plugin Details

Severity: Low

ID: 34401

File Name: smb_nt_ms08-056.nasl

Version: $Revision: 1.28 $

Type: local

Agent: windows

Published: 2008/10/15

Modified: 2017/08/10

Dependencies: 57033, 13855

Risk Information

Risk Factor: Low


Base Score: 2.6

Temporal Score: 2.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/10/14

Vulnerability Publication Date: 2008/10/14

Reference Information

CVE: CVE-2008-4020

BID: 31693

OSVDB: 49052

MSFT: MS08-056

MSKB: 956464

CWE: 79