JVN#55410403 Internet Explorer vulnerable in handling CDO protocol

ID JVN:55410403
Type jvn
Reporter Japan Vulnerability Notes
Modified 2008-10-23T00:00:00


## Description

When Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field.
This could cause a download dialog box not to be displayed prior to downloading. The CDO protocol handler is included in an Office component, and Microsoft provides the fix for this component.

## Impact

An arbitrary script could be executed without explicit user consent, as the download dialog box is not displayed on the user's IE.

## Solution

Update the Software
Update to the latest version according to the information provided by the vendor.

## Products Affected

  • Microsoft Office XP SP3