Home

CVE-2008-3007

Description

Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka Uniform Resource Locator Validation Error Vulnerability.

Risk Information

Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
59.13

Associated Vulnerability

VulnerabilityOS Platform
Security Update for Microsoft Office XP (KB953405)Windows
Security Update for Microsoft Office XP (KB953405)Windows
Security Update for Microsoft Office 2003 (KB953404)Windows
Security Update for the 2007 Microsoft Office System (KB951944)Windows
Security Update for Microsoft Office 2003 (KB953404) for SP3Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234