JVN#55410403 Internet Explorer vulnerable in handling CDO protocol

Overview

Internet Explorer is vulnerable in handling CDO (Collaboration Data Objects) protocol, which allows the download dialog box to be bypassed.

Products Affected

Microsoft Office XP SP3

Description

When Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field.
This could cause a download dialog box not to be displayed prior to downloading. The CDO protocol handler is included in an Office component, and Microsoft provides the fix for this component.

Impact

An arbitrary script could be executed without explicit user consent, as the download dialog box is not displayed on the user's IE.

Solution

Update the Software
Update to the latest version according to the information provided by the vendor.

Vendor Status

Vendor	Link
Microsoft	Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2008.10.20

Measures	Conditions	Severity
Access Required	Routed - can be attacked over the Internet using packets	High
Authentication	None - anonymous or no authentication (IP addresses do not count)	High
User Interaction Required	Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file	Medium
Exploit Complexity	Low-Medium - some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)	Medium-High

Description of each analysis measures

Credit

NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the Microsoft Corporation under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2008-4020
JVN iPedia	JVNDB-2008-000070