Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary
Title: Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
Information
Name: MS08-056
First vendor Publication: 2008-10-14
Vendor: Microsoft
Last vendor Modification: 2008-11-12
Severity (Vendor): Moderate
Revision: 1.1

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Revision Note: V1.1 (November 12, 2008): Corrected the removal information in the section, Security Update Deployment, to state that this security update cannot be uninstalled.

Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS08-056.mspx

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5969
 
Oval ID: oval:org.mitre.oval:def:5969
Title: Vulnerability in Content-Disposition Header Vulnerability
Description: Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."
Family: windows
Class: vulnerability
Reference(s): CVE-2008-4020
Version: 2
Platform(s): Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Product(s): Microsoft Office XP
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 1

OpenVAS Exploits

Date Description
2008-10-15 Name : Microsoft Office Information Disclosure Vulnerability (957699)
File : nvt/secpod_ms08-056_900047.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
49052 Microsoft Office CDO Protocol (cdo:) Content-Disposition: Attachment Header XSS

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-10-16 IAVM : 2008-T-0055 - Microsoft Office Information Disclosure Vulnerability
Severity : Category II - VMSKEY : V0017779

Nessus® Vulnerability Scanner

Date Description
2008-10-15 Name : The remote installation of Microsoft Office is vulnerable to an information d...
File : smb_nt_ms08-056.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:46:04
  • Multiple Updates
2013-11-11 12:41:09
  • Multiple Updates
2013-05-11 00:49:22
  • Multiple Updates