Secunia Security Advisory - A vulnerability has been reported in Microsoft PowerPoint 2000, which can be exploited by malicious people to gain knowledge of sensitive information.
2f5e7c415f232333418ee3ad04f00b95f6e6438b5e6d07ab90920280d00cb02c
TITLE:
Microsoft PowerPoint Temporary Internet Files Information Disclosure
SECUNIA ADVISORY ID:
SA18865
VERIFY ADVISORY:
http://secunia.com/advisories/18865/
CRITICAL:
Less critical
IMPACT:
Exposure of system information, Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
Microsoft Office 2000
http://secunia.com/product/24/
Microsoft PowerPoint 2000
http://secunia.com/product/3052/
DESCRIPTION:
A vulnerability has been reported in Microsoft PowerPoint 2000, which
can be exploited by malicious people to gain knowledge of sensitive
information.
The vulnerability is caused due to an error within the interaction
between PowerPoint and Internet Explorer when rendering HTML data.
This can be exploited to access objects in the Temporary Internet
Files Folder (TIFF) explicitly by name on a user's system.
Successful exploitation requires that a user e.g. is tricked into
visiting a malicious web site. It is not directly possible to execute
code on the system, but it may provide sensitive information that aids
in further compromise of the vulnerable system.
SOLUTION:
Apply patch.
Microsoft PowerPoint 2000 (requires Office 2000 SP3):
http://www.microsoft.com/downloads/details.aspx?familyid=E51B27C8-2F31-4E99-B868-CE626FED5B7D
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Yorick Koster, ITsec Security Services.
The vendor also credits Andreas Sandblad for reporting a similar
issue.
ORIGINAL ADVISORY:
MS06-010 (KB889167):
http://www.microsoft.com/technet/security/Bulletin/MS06-010.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------