Summary
This host is missing critical security update according to Microsoft Bulletin MS08-056.
Impact
Successful exploitation could allow documents incorrectly rendered in the web browser, leading to cross site scripting attack.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-056.mspx
Insight
The flaw exists due to the way that Office processes documents using the CDO Protocol (cdo:) and the Content-Disposition Attachment header.
Affected
Microsoft Office XP Service Pack 3 on Windows (All).
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-4020 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft Office Web Apps HTML Sanitisation Component XSS Vulnerability (2821818)
- Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
- ASP.NET MVC Security Feature Bypass Vulnerability (2990942)
- Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
- Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)