Argument Injection Vulnerability in Microsoft Office Products
CVE-2008-3007

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Office Onenote
Vendor: CVE Published:; 11 September 2008

What is CVE-2008-3007?

A vulnerability exists in Microsoft Office products that allows remote attackers to exploit a flaw in URI handler processing. By crafting a malicious onenote:// URL, attackers can execute arbitrary code on the user's machine when the link is accessed. This can lead to unauthorized access and manipulation of sensitive data. Users are advised to be cautious when clicking on links and to ensure that their software is fully updated to mitigate risks.

References

http://www.securityfocus.com/bid/31067

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=122235754013992&w=2

vendor-advisoryx_refsource_HP

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

61% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Jul 7, 2008