Intrusion PreventionMS.Office.Onenote.Arbitrary.File.Download
Description
This indicates an attack attempt against a remote code-execution vulnerability in Microsoft Office.
A vulnerability has been reported in Microsoft Office that may allow an attacker to execute arbitrary code on a vulnerable system. This is possible because the user input filters fail to properly sanitize the URL that is passed to the OneNote protocol handler. It allow remote attackers to execute arbitrary code
by tricking users into accessing a malicious web page.
Affected Products
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System
2007 Microsoft Office System Service Pack 1
Microsoft Office OneNote 2007
Microsoft Office OneNote 2007 Service Pack 1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/ms08-055.mspx
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-07-09 | 14.645 | Sig Added |
| ID | 15821 |
| Created | Sep 12, 2008 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2008-3007 |
| Exploit Prediction Score | 86.87% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | MS_Office |