Vigil@nce: Office XP, Cross Site Scripting of CDO
October 2008 by Vigil@nce
SYNTHESIS
An attacker can create a web document containing a cdo: uri in
order to generate a Cross Site Scripting in Office XP.
Gravity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/10/2008
IMPACTED PRODUCTS
– Microsoft Access
– Microsoft Excel
– Microsoft Outlook
– Microsoft PowerPoint
– Microsoft Publisher
– Microsoft Visio
– Microsoft Word
DESCRIPTION
When a web page returns a "Content-Disposition: attachment"
header, a dialog box is opened to ask user what to do with the
file.
Office XP enables "cdo:" uris, but their content is always
displayed without asking the user. This creates a Cross Site
Scripting.
An attacker can therefore create a web document containing a cdo:
uri in order to generate a Cross Site Scripting in Office XP.
CHARACTERISTICS
Identifiers: 957699, BID-31693, CVE-2008-4020, MS08-056,
VIGILANCE-VUL-8169