Vigil@nce - Microsoft FrontPage: information disclosure via DTD Entities
September 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a FrontPage document
using DTD entities, in order to obtain the content of a file
located on victim’s computer.
– Impacted products: Office, Microsoft FrontPage
– Severity: 2/4
– Creation date: 11/09/2013
DESCRIPTION OF THE VULNERABILITY
FrontPage documents use XML data. The DTD (Document Type
Definition) of the XML document can define new entities (&entity;).
However, these entities can point to an external file. FrontPage
does not perform this check, and accepts to integrate data from
the external file in his own document.
An attacker can therefore invite the victim to open a FrontPage
document using DTD entities, in order to obtain the content of a
file located on victim’s computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-FrontPage-information-disclosure-via-DTD-Entities-13408