Signature Detail
Short Name |
HTTP:STC:IE:ONENOTE-URL |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Office Uniform Resources Locator Vulnerability |
Release Date |
2008/09/09 |
Update Number |
1259 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Office Uniform Resources Locator Vulnerability
This signature detects incorrectly directed OneNote URLs in HTTP traffic. Malicious Web sites can redirect users to these URLs to gain control of vulnerable browsers. Computers running Microsoft Office 2007 are vulnerable.
Extended Description
Microsoft Office OneNote is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to follow maliciously crafted URIs. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
Affected Products
- HP Storage Management Appliance 2.1
- HP Storage Management Appliance I
- HP Storage Management Appliance II
- HP Storage Management Appliance III
- Microsoft Office 2003 SP1
- Microsoft Office 2003 SP2
- Microsoft Office 2003 SP3
- Microsoft Office 2003
- Microsoft Office 2007 SP1
- Microsoft Office 2007
- Microsoft Office XP SP1
- Microsoft Office XP SP2
- Microsoft Office XP SP3
- Microsoft Office XP
- Microsoft OneNote 2007 SP1
- Microsoft OneNote 2007
References