Microsoft Office CDO Protocol Cross Site Scripting Vulnerability

Microsoft Office CDO Protocol Cross Site Scripting Vulnerability

Microsoft Office is prone to a cross-site scripting vulnerability that arises because the software fails to handle specially crafted CDO protocol URIs in a proper manner.

Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Office XP Service Pack 3 is vulnerable.