[原文]Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
The discoverer of this vulnerability wishes to remain anonymous.
Microsoft InfoPath 2003 SP1
Microsoft Office 2003 SP1
Microsoft InfoPath 2003
Microsoft Office 2003 0
Microsoft InfoPath is reported prone to an insecure data storage vulnerability. It is reported that the issue manifests when functionality that was introduced with service pack one is employed.
An attacker that can access the 'Manifest.xsf' file may employ stored data to aid in further attacks.
No exploit is required.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.