cvelistv5 - CVE-2008-4020

CVE-2008-4020 (GCVE-0-2008-4020)

Vulnerability from cvelistv5

Published

2008-10-15 00:00

Modified

2024-08-07 10:00

Severity ?

CWE

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."

References

URL

Tags

secure@microsoft.com	http://jvn.jp/en/jp/JVN55410403/index.html
secure@microsoft.com	http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html
secure@microsoft.com	http://marc.info/?l=bugtraq&m=122479227205998&w=2
secure@microsoft.com	http://marc.info/?l=bugtraq&m=122479227205998&w=2
secure@microsoft.com	http://secunia.com/advisories/32138	Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/31693	Patch
secure@microsoft.com	http://www.securitytracker.com/id?1021045
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA08-288A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/2807
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/45546
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/45550
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN55410403/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=122479227205998&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=122479227205998&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32138	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31693	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021045
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-288A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2807
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45546
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45550
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-2807",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2807"
          },
          {
            "name": "32138",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32138"
          },
          {
            "name": "office-cdo-xss(45546)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45546"
          },
          {
            "name": "SSRT080143",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
          },
          {
            "name": "JVNDB-2008-000070",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html"
          },
          {
            "name": "MS08-056",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056"
          },
          {
            "name": "HPSBST02379",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
          },
          {
            "name": "win-ms08kb957699-update(45550)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45550"
          },
          {
            "name": "oval:org.mitre.oval:def:5969",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969"
          },
          {
            "name": "JVN#55410403",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN55410403/index.html"
          },
          {
            "name": "1021045",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021045"
          },
          {
            "name": "31693",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31693"
          },
          {
            "name": "TA08-288A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \"Content-Disposition: attachment\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \"Vulnerability in Content-Disposition Header Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2008-2807",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2807"
        },
        {
          "name": "32138",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32138"
        },
        {
          "name": "office-cdo-xss(45546)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45546"
        },
        {
          "name": "SSRT080143",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
        },
        {
          "name": "JVNDB-2008-000070",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html"
        },
        {
          "name": "MS08-056",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056"
        },
        {
          "name": "HPSBST02379",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
        },
        {
          "name": "win-ms08kb957699-update(45550)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45550"
        },
        {
          "name": "oval:org.mitre.oval:def:5969",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969"
        },
        {
          "name": "JVN#55410403",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN55410403/index.html"
        },
        {
          "name": "1021045",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021045"
        },
        {
          "name": "31693",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31693"
        },
        {
          "name": "TA08-288A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-4020",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \"Content-Disposition: attachment\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \"Vulnerability in Content-Disposition Header Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-2807",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2807"
            },
            {
              "name": "32138",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32138"
            },
            {
              "name": "office-cdo-xss(45546)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45546"
            },
            {
              "name": "SSRT080143",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
            },
            {
              "name": "JVNDB-2008-000070",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html"
            },
            {
              "name": "MS08-056",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056"
            },
            {
              "name": "HPSBST02379",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
            },
            {
              "name": "win-ms08kb957699-update(45550)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45550"
            },
            {
              "name": "oval:org.mitre.oval:def:5969",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969"
            },
            {
              "name": "JVN#55410403",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN55410403/index.html"
            },
            {
              "name": "1021045",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021045"
            },
            {
              "name": "31693",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31693"
            },
            {
              "name": "TA08-288A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-4020",
    "datePublished": "2008-10-15T00:00:00",
    "dateReserved": "2008-09-10T00:00:00",
    "dateUpdated": "2024-08-07T10:00:42.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-4020\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2008-10-15T00:12:15.957\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \\\"Content-Disposition: attachment\\\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \\\"Vulnerability in Content-Disposition Header Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en Microsoft Office XP SP3, permite a atacantes remotos inyectar secuencias de comandos Web o HTML mediante un documento que contiene una cabecera \\\"Content-Disposition: attachment\\\" y se accede a ella a trav\u00e9s de un cdo: URL; esto traduce el contexto en vez de mostrar un cuadro de di\u00e1logo de Descarga de Fichero. Tambi\u00e9n se conoce como \\\"Vulnerabilidad en Cabeceras Content-Disposition\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"79BA1175-7F02-4435-AEA6-1BA8AADEB7EF\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN55410403/index.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/32138\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/31693\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1021045\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-288A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2807\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45546\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45550\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://jvn.jp/en/jp/JVN55410403/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/31693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1021045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-288A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2807\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45550\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2008-4020

Vulnerability from fkie_nvd

Published

2008-10-15 00:12

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://jvn.jp/en/jp/JVN55410403/index.html
secure@microsoft.com	http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html
secure@microsoft.com	http://marc.info/?l=bugtraq&m=122479227205998&w=2
secure@microsoft.com	http://secunia.com/advisories/32138	Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/31693	Patch
secure@microsoft.com	http://www.securitytracker.com/id?1021045
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA08-288A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/2807
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/45546
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/45550
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN55410403/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=122479227205998&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32138	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31693	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021045
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-288A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2807
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45546
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45550
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969

Impacted products

	Vendor	Product	Version
	microsoft	office	xp

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \"Content-Disposition: attachment\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \"Vulnerability in Content-Disposition Header Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en Microsoft Office XP SP3, permite a atacantes remotos inyectar secuencias de comandos Web o HTML mediante un documento que contiene una cabecera \"Content-Disposition: attachment\" y se accede a ella a trav\u00e9s de un cdo: URL; esto traduce el contexto en vez de mostrar un cuadro de di\u00e1logo de Descarga de Fichero. Tambi\u00e9n se conoce como \"Vulnerabilidad en Cabeceras Content-Disposition\"."
    }
  ],
  "id": "CVE-2008-4020",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-10-15T00:12:15.957",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://jvn.jp/en/jp/JVN55410403/index.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32138"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31693"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021045"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/2807"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45546"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45550"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN55410403/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-AVI-497

Vulnerability from certfr_avis

Une vulnérabilité affectant Microsoft Office permet à une personne malintentionnée de porter atteinte à la confidentialité des données.

Description

Une vulnérabilité affectant la gestion du protocole CDO (Collaboration Data Objects) de Microsoft Office permet à une personne malveillante de porter atteinte à la confidentialité des données via une adresse réticulaire CDO spécialement conçue. Cette vulnérabilité permet via le navigateur du client de divulguer des informations, d'usurper du contenu ou d'entreprendre des actions que l'utilisateur pourrait effectuer sur le site Web affecté.

Solution

Se référer au bulletin de sécurité MS08-056 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Office	Microsoft Office XP Service Pack 3.

References

Title

Publication Time

ghsa-hmhj-jwx3-6q6x

Vulnerability from github

Published

2022-05-02 00:05

Modified

2022-05-02 00:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-15T00:12:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \"Content-Disposition: attachment\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \"Vulnerability in Content-Disposition Header Vulnerability.\"",
  "id": "GHSA-hmhj-jwx3-6q6x",
  "modified": "2022-05-02T00:05:57Z",
  "published": "2022-05-02T00:05:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4020"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45546"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45550"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN55410403/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32138"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31693"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021045"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2807"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2008-4020

Vulnerability from jvndb

Published

2008-10-22 17:49

Modified

2008-10-22 17:49

Severity ?

() - -

Summary

Internet Explorer vulnerable in handling CDO protocol

Details

Internet Explorer is vulnerable in handling CDO (Collaboration Data Objects) protocol, which allows the download dialog box to be bypassed. When Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field. This could cause a download dialog box not to be displayed prior to downloading. The CDO protocol handler is included in an Office component, and Microsoft provides the fix for this component. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the Microsoft Corporation under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN55410403/index.html
	JVNTR	https://jvn.jp/en/tr/TRTA08-288A/
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4020
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4020
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA08-288A.html
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA08-288A.html
	SECUNIA	http://secunia.com/advisories/32138/
	BID	http://www.securityfocus.com/bid/31693
	FRSIRT	http://www.frsirt.com/english/advisories/2008/2807
	JVNDB_Ja	http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Microsoft Corporation

Microsoft Office

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000070.html",
  "dc:date": "2008-10-22T17:49+09:00",
  "dcterms:issued": "2008-10-22T17:49+09:00",
  "dcterms:modified": "2008-10-22T17:49+09:00",
  "description": "Internet Explorer is vulnerable in handling CDO (Collaboration Data Objects) protocol, which allows the download dialog box to be bypassed.\r\n\r\nWhen Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field.\r\nThis could cause a download dialog box not to be displayed prior to downloading. The CDO protocol handler is included in an Office component, and Microsoft provides the fix for this component.\r\n\r\nNetAgent Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the Microsoft Corporation under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000070.html",
  "sec:cpe": {
    "#text": "cpe:/a:microsoft:office",
    "@product": "Microsoft Office",
    "@vendor": "Microsoft Corporation",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-000070",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN55410403/index.html",
      "@id": "JVN#55410403",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-288A/",
      "@id": "TRTA08-288A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4020",
      "@id": "CVE-2008-4020",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4020",
      "@id": "CVE-2008-4020",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-288A.html",
      "@id": "SA08-288A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html",
      "@id": "TA08-288A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/32138/",
      "@id": "SA32138",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/31693",
      "@id": "31693",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2008/2807",
      "@id": "FrSIRT/ADV-2008-2807",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html",
      "@id": "JVNDB-2008-000070",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Internet Explorer vulnerable in handling CDO protocol"
}

gsd-2008-4020

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2008-4020

Aliases

CVE-2008-4020

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4020",
    "description": "Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \"Content-Disposition: attachment\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \"Vulnerability in Content-Disposition Header Vulnerability.\"",
    "id": "GSD-2008-4020"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4020"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \"Content-Disposition: attachment\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \"Vulnerability in Content-Disposition Header Vulnerability.\"",
      "id": "GSD-2008-4020",
      "modified": "2023-12-13T01:22:59.908279Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2008-4020",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \"Content-Disposition: attachment\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \"Vulnerability in Content-Disposition Header Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2008-2807",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2807"
          },
          {
            "name": "32138",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32138"
          },
          {
            "name": "office-cdo-xss(45546)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45546"
          },
          {
            "name": "SSRT080143",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
          },
          {
            "name": "JVNDB-2008-000070",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html"
          },
          {
            "name": "MS08-056",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056"
          },
          {
            "name": "HPSBST02379",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
          },
          {
            "name": "win-ms08kb957699-update(45550)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45550"
          },
          {
            "name": "oval:org.mitre.oval:def:5969",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969"
          },
          {
            "name": "JVN#55410403",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN55410403/index.html"
          },
          {
            "name": "1021045",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021045"
          },
          {
            "name": "31693",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31693"
          },
          {
            "name": "TA08-288A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-4020"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \"Content-Disposition: attachment\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \"Vulnerability in Content-Disposition Header Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1021045",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021045"
            },
            {
              "name": "32138",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32138"
            },
            {
              "name": "31693",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/31693"
            },
            {
              "name": "TA08-288A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
            },
            {
              "name": "SSRT080143",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2"
            },
            {
              "name": "JVN#55410403",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN55410403/index.html"
            },
            {
              "name": "JVNDB-2008-000070",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html"
            },
            {
              "name": "ADV-2008-2807",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2807"
            },
            {
              "name": "win-ms08kb957699-update(45550)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45550"
            },
            {
              "name": "office-cdo-xss(45546)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45546"
            },
            {
              "name": "oval:org.mitre.oval:def:5969",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969"
            },
            {
              "name": "MS08-056",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:48Z",
      "publishedDate": "2008-10-15T00:12Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-4020 (GCVE-0-2008-4020)

Vulnerability from cvelistv5

fkie_cve-2008-4020

Vulnerability from fkie_nvd

CERTA-2008-AVI-497

Vulnerability from certfr_avis

Description

Solution

ghsa-hmhj-jwx3-6q6x

Vulnerability from github

CVE-2008-4020

Vulnerability from jvndb

gsd-2008-4020

Vulnerability from gsd

Tags

Sightings

Nomenclature