Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
AV:N/AC:M/Au:N/C:P/I:N/A:N
05/02/2009
by Microsoft
2 months ago