External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of NTLM hashes. According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
tiebuchen