CVE-2008-4020

Name of the Vulnerable Software and Affected Versions Microsoft Office XP version SP3

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a document containing a "Content-Disposition: attachment" header, accessed through a cdo: URL. This renders the content instead of raising a File Download dialog box.

Recommendations For Microsoft Office XP version SP3, consider disabling access to cdo: URLs as a temporary workaround until a patch is available. Restrict the rendering of content from documents with a "Content-Disposition: attachment" header to minimize the risk of exploitation.