CVE-2008-6063 β€” Sensitive Information Exposure in Microsoft Word

CWE-200 β€” Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
17.4%
top 4.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Word
Timeline
PublishedFeb 5
Latest updateMay 14

Description

Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

β–ΆNVDmicrosoft/word2007

πŸ”΄Vulnerability Details

2
GHSA
GHSA-h5ph-4698-hx9r: Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, wh↗2022-05-14
β–Ά
CVEList
CVE-2008-6063: Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, wh↗2009-02-05
β–Ά
CVE-2008-6063 β€” Sensitive Information Exposure | cvebase