Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
BID:12824
Info
Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
| Bugtraq ID: | 12824 |
| Class: | Design Error |
| CVE: |
CVE-2005-0820 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 16 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | The discoverer of this vulnerability wishes to remain anonymous. |
| Vulnerable: |
Microsoft InfoPath 2003 SP1 Microsoft InfoPath 2003 |
| Not Vulnerable: | |
Discussion
Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
Microsoft InfoPath is reported prone to an insecure data storage vulnerability. It is reported that the issue manifests when functionality that was introduced with service pack one is employed.
An attacker that can access the 'Manifest.xsf' file may employ stored data to aid in further attacks.
Microsoft InfoPath is reported prone to an insecure data storage vulnerability. It is reported that the issue manifests when functionality that was introduced with service pack one is employed.
An attacker that can access the 'Manifest.xsf' file may employ stored data to aid in further attacks.
Exploit / POC
Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
References:
References: