Intrusion Prevention

MS.Office.Onenote.Remote.Arbitrary.File.Download

Description

This indicates an attack attempt against a remote Code Execution vulnerability in Microsoft Office.
The vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. This is possible because the user input filters fail to properly sanitize the URL that is passed to the OneNote protocol handler, allowing remote attackers to execute arbitrary code by tricking users into accessing a malicious web page.

Affected Products

Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System
2007 Microsoft Office System Service Pack 1
Microsoft Office OneNote 2007
Microsoft Office OneNote 2007 Service Pack 1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/ms08-055.mspx

CVE References

CVE-2008-3007