5 matches found
JVN#55410403 Internet Explorer vulnerable in handling CDO protocol
When Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field. This could cause a download dialog box not to be displayed prior to...
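Microsoft Office CDO Protocol Cross-Site Scripting Vulnerability (MS08-056)
BUGTRAQ ID: 31693 CVE(CAN) ID: CVE-2008-4020 Microsoft Office is a very popular office software suite. Office's cdo: URI handler does not correctly handle requests that contain a Content-Disposition: attachment header. If a user is tricked into following a malicious link, the CDO protocol handler renders the requested file in the browser instead of displaying the file download dialog, which may lead to cross-site scripting attacks. Microsoft Office XP SP3 Workaround: Disable the OneNote protocol handler by unregistering the following three registry keys:...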
MS08-056: Microsoft Office CDO Protocol (cdo:) Content-Disposition: Attachment Header XSS (957699)
The remote host is running a version of Microsoft Office that is subject to an information disclosure flaw. When a user clicks on a special CDO URL, an attacker could inject a client side script that could be used to disclose information. To succeed, the attacker would have to send a rogue CDO UR...
Microsoft Office CDO Protocol Cross Site Scripting Vulnerability
Description Microsoft Office is prone to a cross-site scripting vulnerability that arises because the software fails to handle specially crafted CDO protocol URIs in a proper manner. Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an...
Microsoft Office Content-Disposition Header Code Execution (MS08-056; CVE-2008-4020)
Cross-site scripting (XSS) could enable an attacker to inject code into a user's session with a Web site. A cross-site scripting vulnerability has been reported in Microsoft Office. The vulnerability is due to a flaw in the cdo:// protocol that does not respect the "content-disposition: attachment"...