Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6063

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-6063
Last Modified 05 Feb 2009 12:00:00
Published 04 Feb 2009 08:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6063

Summary

Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.

Vulnerable Systems

Application

  • Microsoft Word 2007


References

BUGTRAQ - 20080110 Word 2007 Email as PDF path disclosure flaw


Last Updated: 27 May 2016 10:49:02