Microsoft Security Bulletin MS06-010:
Vulnerability in PowerPoint 2000 Could Allow Information Disclosure
(889167)
Bulletin URL:
<http://www.microsoft.com/technet/security/Bulletin/MS06-010.mspx>
Version Number: 1.0
Issued Date: Tuesday, February 14, 2006
Impact of Vulnerability: Information Disclosure
Maximum Severity Rating: Important
Patch(es) Replaced: None
Caveats: None
Tested Software:
Affected Software:
------------------
* Microsoft Office 2000 Service Pack 3
- PowerPoint 2000 - Download the update
* PowerPoint 2000
Technical Description:
----------------------
* PowerPoint Temporary Internet Files Information Disclosure
Vulnerability - CVE-2006-0004: An Information Disclosure vulnerability
exists in PowerPoint. An attacker who successfully exploited this
vulnerability could remotely attempt to access objects in the Temporary
Internet Files Folder (TIFF) explicitly by name. Note that this
vulnerability would not allow an attacker to execute code or to elevate
their user rights directly, but it could be used to produce useful
information that could be used to try to further compromise the affected
system.
This email is sent to NTBugtraq automagically as a service to my
subscribers. (v4.01.2194.14842)
Cheers,
Russ Cooper - Senior Scientist - Cybertrust/NTBugtraq Editor
--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an
Anti-Virus product which automatically notifies the perceived sender of a
message it believes is infected may well cause more harm than good. Someone who
did not actually send you a virus may receive the notification and scramble
their support staff to find an infection which never existed in the first
place. Suggest such notifications be disabled by whomever is responsible for
your AV, or at least that the idea is considered.
--
