CVE-2008-4020
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."
Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject web scripts or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL; this renders the content instead of showing a File Download dialog box. Also known as "Content-Disposition Header Vulnerability."
SSVC
- Decision:-
Timeline
- 2008-09-10 CVE Reserved
- 2008-10-15 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (12)
URL | Tag | Source |
---|---|---|
http://jvn.jp/en/jp/JVN55410403/index.html | Third Party Advisory | |
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html | Third Party Advisory | |
http://www.securitytracker.com/id?1021045 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA08-288A.html | Third Party Advisory | |
http://www.vupen.com/english/advisories/2008/2807 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45546 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45550 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969 | Signature |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/32138 | 2018-10-12 | |
http://www.securityfocus.com/bid/31693 | 2018-10-12 |
URL | Date | SRC |
---|---|---|
http://marc.info/?l=bugtraq&m=122479227205998&w=2 | 2018-10-12 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056 | 2018-10-12 |