Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3007

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-3007
Last Modified 07 Mar 2011 10:10:04
Published 10 Sep 2008 09:11:47
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3007

Summary

Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office 2003

  • Microsoft Office 2007

  • Microsoft Office Onenote 2007

  • Microsoft Office Xp


References

CERT - TA08-253A

VUPEN - ADV-2008-2523

SECTRACK - 1020833

BID - 31067

BUGTRAQ - 20080909 Insomnia : ISVA-080910.1 - MS Office OneNote URL Handling Vulnerability

MS - MS08-055

MISC - http://www.insomniasec.com/advisories/ISVA-080910.1.htm

HP - SSRT080133

HP - HPSBST02372


Last Updated: 27 May 2016 10:49:57