Summary
This host is missing critical security update according to Microsoft Bulletin MS08-056.
Impact
Successful exploitation could allow documents incorrectly rendered in the web browser, leading to cross site scripting attack.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-056.mspx
Insight
The flaw exists due to the way that Office processes documents using the CDO Protocol (cdo:) and the Content-Disposition Attachment header.
Affected
Microsoft Office XP Service Pack 3 on Windows (All).
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-4020 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (979559)
- Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
- Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
- IE VBScript Handling patch (Q318089)
- Microsoft ISA Server DNS - Denial Of Service (MS03-009)