4 matches found

Tenable Nessus
added 2008/10/15 12:0 a.m. | 47 views

MS08-056: Microsoft Office CDO Protocol (cdo:) Content-Disposition: Attachment Header XSS (957699)

The remote host is running a version of Microsoft Office that is subject to an information disclosure flaw. When a user clicks on a special CDO URL, an attacker could inject a client-side script that could be used to disclose information. To succeed, the attacker would have to send a rogue CDO UR...

CVSS 4.3 | AI score 5.5 | EPSS 0.24389
Exploits: 1 | References: 2

Cvelist
added 2008/10/15 12:0 a.m. | 27 views

CVE-2008-4020

Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download...

AI score 5.4 | EPSS 0.24389
Exploits: 1 | References: 12

CVE
added 2008/10/15 12:0 a.m. | 65 views

CVE-2008-4020

Summary: CVE-2008-4020 is a cross-site scripting vulnerability in Microsoft Office XP SP3 related to the CDO protocol handling of the Content-Disposition header. When a user accesses content via a cdo: URL, the Content-Disposition header may be ignored and the download dialog bypassed, potentiall...

CVSS 4.3 | AI score 5.4 | EPSS 0.24389
Exploits: 1 | References: 12 | Affected Software: 1

Check Point Advisories
added 2008/10/02 12:0 a.m. | 25 views

Microsoft Office Content-Disposition Header Code Execution (MS08-056; CVE-2008-4020)

Cross-site scripting (XSS) could enable an attacker to inject code into a user's session with a Web site. A cross-site scripting vulnerability has been reported in Microsoft Office. The vulnerability is due to a flaw in the cdo:// protocol that does not respect the "content-disposition: attachment"...

CVSS 4.3 | AI score 5.2 | EPSS 0.24389
Exploits: 1