Executive Summary
Summary | |
---|---|
Title | Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047) |
Informations | |||
---|---|---|---|
Name | MS08-055 | First vendor Publication | 2008-09-09 |
Vendor | Microsoft | Last vendor Modification | 2008-09-10 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (September 10, 2008): Corrected the installation switches and deployment information for OneNote 2007, and added to the list of non-affected software. Also, updated FAQ entries explaining why this update is offered to systems with non-affected software.Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS08-055.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5970 | |||
Oval ID: | oval:org.mitre.oval:def:5970 | ||
Title: | Uniform Resource Locator Validation Error Vulnerability | ||
Description: | Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3007 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2007 Compatibility Pack Microsoft OneNote 2007 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 5 | |
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-10 | Name : Microsoft Office Remote Code Execution Vulnerabilities (955047) File : nvt/secpod_ms08-055_900046.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47964 | Microsoft Office OneNote Protocol Handler (onenote://) URI Handling Arbitrary... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-09-11 | IAVM : 2008-B-0058 - Microsoft Office Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0017345 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office OneNote iframe caller exploit attempt RuleID : 14262 - Revision : 16 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-09-10 | Name : Arbitrary code can be executed on the remote host through Microsoft Office. File : smb_nt_ms08-055.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-26 22:53:50 |
|
2014-02-17 11:46:03 |
|
2014-01-19 21:30:14 |
|
2013-12-14 21:19:30 |
|
2013-11-11 12:41:09 |
|
2013-05-11 00:49:22 |
|