TITLE: Microsoft PowerPoint Temporary Internet Files Information Disclosure
SECUNIA ADVISORY ID: SA18865 VERIFY ADVISORY: http://secunia.com/advisories/18865/ CRITICAL: Less critical IMPACT: Exposure of system information, Exposure of sensitive information WHERE: >From remote SOFTWARE: Microsoft Office 2000 http://secunia.com/product/24/ Microsoft PowerPoint 2000 http://secunia.com/product/3052/ DESCRIPTION: A vulnerability has been reported in Microsoft PowerPoint 2000, which can be exploited by malicious people to gain knowledge of sensitive information. The vulnerability is caused due to an error within the interaction between PowerPoint and Internet Explorer when rendering HTML data. This can be exploited to access objects in the Temporary Internet Files Folder (TIFF) explicitly by name on a user's system. Successful exploitation requires that a user e.g. is tricked into visiting a malicious web site. It is not directly possible to execute code on the system, but it may provide sensitive information that aids in further compromise of the vulnerable system. SOLUTION: Apply patch. Microsoft PowerPoint 2000 (requires Office 2000 SP3): http://www.microsoft.com/downloads/details.aspx?familyid=E51B27C8-2F31-4E99-B868-CE626FED5B7D ORIGINAL ADVISORY: MS06-010 (KB889167): http://www.microsoft.com/technet/security/Bulletin/MS06-010.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
