CVE-2008-6063

Name of the Vulnerable Software and Affected Versions Microsoft Word 2007

Description The issue allows remote attackers to obtain sensitive information, such as the sender's account name and a Temporary Internet Files subdirectory name, when the "Save as PDF" add-on is enabled and an "Email as PDF" operation is performed. This occurs because Microsoft Word 2007 places an absolute pathname in the Subject field.

Recommendations For Microsoft Word 2007, consider disabling the "Save as PDF" add-on to prevent sensitive information disclosure until a fix is available. Restrict the use of the "Email as PDF" operation to minimize the risk of exploitation.