CVE-2008-3007

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Office Onenote
Vendor: CVE Published:; 11 September 2008

Summary

Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."

References

http://www.securityfocus.com/bid/31067

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=122235754013992&w=2

vendor-advisoryx_refsource_HP

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

85% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Jul 7, 2008