CVE-2008-4020

Cross-site scripting XSS vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download...

MS08-056: Microsoft Office CDO Protocol (cdo:) Content-Disposition: Attachment Header XSS (957699)

The remote host is running a version of Microsoft Office that is subject to an information disclosure flaw. When a user clicks on a special CDO URL, an attacker could inject a client side script that could be used to disclose information. To succeed, the attacker would have to send a rogue CDO UR...