CVE-2008-3007

N/A Unknown

Published: September 11, 2008 Modified: April 23, 2026

Description

Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://marc.info/?l=bugtraq&m=122235754013992&w=2

Source: secure@microsoft.com

http://www.insomniasec.com/advisories/ISVA-080910.1.htm

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/496178/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/31067

Source: secure@microsoft.com

http://www.securitytracker.com/id?1020833

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA08-253A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2008/2523

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-055

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5970

Source: secure@microsoft.com

http://marc.info/?l=bugtraq&m=122235754013992&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.insomniasec.com/advisories/ISVA-080910.1.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/496178/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31067

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020833

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA08-253A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2008/2523

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-055

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5970

Source: af854a3a-2127-422b-91ae-364da2661108

18 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-20

Affected Vendors

microsoft

Related CVEs

CVE-2026-41279 N/A

CVE-2026-41278 N/A

CVE-2026-41277 N/A

CVE-2026-41276 N/A

CVE-2026-41275 N/A