Oval Definition:oval:org.mitre.oval:def:5970
Revision Date:2013-09-02Version:10
Title:Uniform Resource Locator Validation Error Vulnerability
Description:Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-3007
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2007 Compatibility Pack
Microsoft Office XP
Microsoft OneNote 2007
Definition Synopsis
  • AND
  • Microsoft Office XP is installed
  • AND Mso.dll version is less than 10.0.6845.0
  • OR
  • Microsoft Office 2003 is installed
  • AND Mso.dll version is less than 11.0.8221.0
  • OR
  • Microsoft Office 2007 is installed
  • AND Mso.dll version is less than 12.0.6320.5000
  • OR
  • OneNote 2007 is installed
  • AND Check if the version of onenote.exe is less than 12.0.6316.5000
    • BACK