Microsoft Office CDO Protocol Cross Site Scripting Vulnerability

ID SMNTC-31693
Type symantec
Reporter Symantec Security Response
Modified 2008-10-14T00:00:00



Microsoft Office is prone to a cross-site scripting vulnerability that arises because the software fails to handle specially crafted CDO protocol URIs in a proper manner. Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Office XP Service Pack 3 is vulnerable.

Technologies Affected

  • Microsoft Office XP SP3


Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious network traffic.

Run all software as a nonprivileged user with minimal access rights.
If possible, running software as a user with least privileges possible can help mitigate the impact of exploit attempts against latent vulnerabilities in applications.

Set web browser security to disable the execution of script code or active content.
Since exploiting this issue requires the execution of malicious script code in web clients, consider disabling script code and active content support within a client browser as a way to prevent a successful exploit. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.

The vendor released an advisory along with fixes to address this issue. Please see the references for more information.