Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote malicious users to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft word 2007 |