CVE-2008-0110
iDEFENSE Security Advisory 2008-03-11.3
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
Vulnerabilidad no especificada de Microsoft Outlook en Office 2000 SP3, XP SP3, 2003 SP2 y Sp3, y sistemas Office permite a atacantes remotos asistidos por usuarios ejecutar código de su elección mediante la modificación de un mailto URI.
Remote exploitation of an input validation error in the handling of "mailto" URIs by Microsoft Corp.'s Outlook may allow arbitrary code execution. It is possible to construct a "mailto" URI which causes the web browser to pass extra command line switches to Outlook. These switches can modify Outlook's account configuration. iDefense has confirmed the existence of this vulnerability in Microsoft Outlook 2007 on Windows XP SP2. Previous versions may also be affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-01-07 CVE Reserved
- 2008-03-11 CVE Published
- 2024-08-07 CVE Updated
- 2025-06-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/393305 | Third Party Advisory |
|
| http://www.securitytracker.com/id?1019579 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-071A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/0847/references | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5278 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/28147 | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=120585858807305&w=2 | 2018-10-12 | |
| http://secunia.com/advisories/29320 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-015 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2000 Search vendor "Microsoft" for product "Office" and version "2000" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | xp Search vendor "Microsoft" for product "Office" and version "xp" | sp3 |
Affected
| ||||||