Signature Detail

HTTP: Microsoft Internet Explorer CDO Protocol URI in Web Page

This signature detects attempts to exploit a known vulnerability in Internet Explorer. An attacker can create a malicious Web site containing Web pages with CDO URIs, which if accessed by a victim, allows the attacker to gain control of the victims client browser. Note: CDO URIs are used as part of the Microsoft Office collaboration and their use may not be indicative of malicious activity.

Extended Description

Microsoft Office is prone to a cross-site scripting vulnerability that arises because the software fails to handle specially crafted CDO protocol URIs in a proper manner. Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Office XP Service Pack 3 is vulnerable.

Affected Products

• Microsoft Office XP SP3

References

• CVE: CVE-2008-4020