Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4020


Vulnerability Score 4.3 4.3
CVE Id CVE-2008-4020
Last Modified 07 Mar 2011 10:11:49
Published 14 Oct 2008 08:12:15
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."

Vulnerable Systems


  • Microsoft Office Xp


CERT - TA08-288A

BID - 31693

MS - MS08-056

SECUNIA - 32138

XF - win-ms08kb957699-update(45550)

XF - office-cdo-xss(45546)

VUPEN - ADV-2008-2807

SECTRACK - 1021045

HP - SSRT080143

JVNDB - JVNDB-2008-000070

JVN - JVN#55410403

HP - HPSBST02379

Last Updated: 27 May 2016 10:49:56