Summary
This host is missing critical security update according to Microsoft Bulletin MS08-056.
Impact
Successful exploitation could allow documents incorrectly rendered in the web browser, leading to cross site scripting attack.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-056.mspx
Insight
The flaw exists due to the way that Office processes documents using the CDO Protocol (cdo:) and the Content-Disposition Attachment header.
Affected
Microsoft Office XP Service Pack 3 on Windows (All).
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-4020 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft RDP flaws could allow sniffing and DOS(Q324380)
- Microsoft Group Policy Preferences Privilege Elevation Vulnerability (2962486)
- Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
- Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)
- Microsoft Window Audio Service Privilege Escalation Vulnerability (3005607)