MS08-056: Microsoft Office CDO Protocol (cdo:) Content-Disposition: Attachment Header XSS (957699)
Severity: Low
Nessus Plugin ID: 34401
Synopsis
The remote installation of Microsoft Office is vulnerable to an information disclosure flaw.
Description
The remote host is running a version of Microsoft Office that is subject to an information disclosure flaw.
When a user clicks on a specially crafted CDO URL, an attacker could inject a client-side script that could be used to disclose information.
To succeed, the attacker would have to send a rogue CDO URL to a user of the remote computer and have them click it.
Solution
Microsoft has released a set of patches for Office XP.