CVE-2008-3007Improper Input Validation in Microsoft Office

CWE-20Improper Input Validation2 documents2 sources
Severity
9.3CRITICALNVD
EPSS
59.1%
top 1.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft OfficeMicrosoft Office Onenote
Timeline
PublishedSep 11
Latest updateMay 1

Description

Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/office2003, 2007, xp+2

🔴Vulnerability Details

1
GHSA
GHSA-76gc-c529-wjrc: Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 202022-05-01
CVE-2008-3007 — Improper Input Validation in Microsoft | cvebase