<< Back
CVE Number Vulnerability Product Severity Date
MS08-056 Vulnerability in Microsoft Office Could Allow Information Disclosure(957699) Microsoft Office Critical 15-10-2008

Technical Information

Brief overview of the risk:
A vulnerability exists in the way that Office processes documents using the CDO Protocol (cdo:) and the Content-Disposition: Attachment header. These documents may be incorrectly rendered in the web browser, leading to cross-site scripting.
Detailed Information on the risk:
An attacker who successfully exploited this vulnerability could inject a client side script in the user’s browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.Further information on this exploit is available at : MS08-056

Affected Software

Microsoft Office XP Service Pack 3