Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2008-09-10 |
Product | Office Onenote | Last view | 2008-09-10 |
Version | 2010 | Type | |
Update | sp1 | ||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:microsoft:office_onenote:2007:sp1:*:*:*:*:*:* | 1 |
cpe:2.3:a:microsoft:office_onenote:2007:gold:*:*:*:*:*:* | 1 |
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.3 | 2008-09-10 | CVE-2008-3007 | Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:5970 | Uniform Resource Locator Validation Error Vulnerability |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
47964 | Microsoft Office OneNote Protocol Handler (onenote://) URI Handling Arbitrary... |
OpenVAS Exploits
id | Description |
---|---|
2008-09-10 | Name : Microsoft Office Remote Code Execution Vulnerabilities (955047) File : nvt/secpod_ms08-055_900046.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2008-B-0058 | Microsoft Office Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0017345 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office OneNote iframe caller exploit attempt RuleID : 14262 - Type : FILE-OFFICE - Revision : 16 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2008-09-10 | Name: Arbitrary code can be executed on the remote host through Microsoft Office. File: smb_nt_ms08-055.nasl - Type: ACT_GATHER_INFO |