Technical Information

Brief overview of the risk:
A vulnerability exists in the way that Office processes documents using the CDO Protocol (cdo:) and the Content-Disposition: Attachment header. These documents may be incorrectly rendered in the web browser, leading to cross-site scripting.
Detailed Information on the risk:
An attacker who successfully exploited this vulnerability could inject a client side script in the user’s browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.Further information on this exploit is available at : MS08-056