Back to search
CVE-2008-4020
Published: Oct 15, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2008-2807
vdb-entry
x_refsource_VUPEN
32138
third-party-advisory
x_refsource_SECUNIA
office-cdo-xss(45546)
vdb-entry
x_refsource_XF
SSRT080143
vendor-advisory
x_refsource_HP
JVNDB-2008-000070
third-party-advisory
x_refsource_JVNDB
MS08-056
vendor-advisory
x_refsource_MS
HPSBST02379
vendor-advisory
x_refsource_HP
win-ms08kb957699-update(45550)
vdb-entry
x_refsource_XF
oval:org.mitre.oval:def:5969
vdb-entry
signature
x_refsource_OVAL
JVN#55410403
third-party-advisory
x_refsource_JVN
1021045
vdb-entry
x_refsource_SECTRACK
31693
vdb-entry
x_refsource_BID
TA08-288A
third-party-advisory
x_refsource_CERT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now