Description
Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486088/100/0/threaded
Scores
EPSS
0.1027
EPSS Percentile
95.1%
Details
CWE
CWE-200
Status
published
Products (1)
microsoft/word
2007
Published
Feb 05, 2009
Tracked Since
Feb 18, 2026