HTTP: Microsoft Office Uniform Resources Locator Vulnerability
This signature detects incorrectly directed OneNote URLs in HTTP traffic. Malicious Web sites can redirect users to these URLs to gain control of vulnerable browsers. Computers running Microsoft Office 2007 are vulnerable.
Extended Description
Microsoft Office OneNote is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to follow maliciously crafted URIs. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
Affected Products
Microsoft office_2007
Short Name
HTTP:STC:IE:ONENOTE-URL
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2008-3007 Locator Microsoft Office Resources Uniform Vulnerability
Release Date
09/09/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3729
False Positive
Unknown
Vendors
Hp
Microsoft
CVSS Score
9.3