CVE-2006-0004
Description
Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Microsoft PowerPoint 2000 in Office 2000 SP3 can disclose sensitive data from the Temporary Internet Files Folder via crafted presentations.
Vulnerability
Microsoft PowerPoint 2000 running on Office 2000 Service Pack 3 contains an information disclosure vulnerability (CVE-2006-0004). The bug is triggered when PowerPoint renders HTML in a presentation and fails to properly restrict access to objects in the Temporary Internet Files Folder (TIFF) [1][3]. This affects only PowerPoint 2000; Office XP, Office 2003, and PowerPoint 2002/2003 are not vulnerable [1].
Exploitation
An attacker must craft a malicious PowerPoint presentation that references specific objects by name in the victim's Temporary Internet Files Folder. The victim must open the presentation in PowerPoint 2000. No special network position or authentication is required beyond convincing the user to open the file [1][2][3]. The attacker needs prior knowledge of the exact filenames of objects within the TIFF directory [3].
Impact
Successful exploitation results in information disclosure: the attacker can remotely read the contents of files in the victim's Temporary Internet Files Folder, which may contain sensitive data such as cached credentials, session tokens, or other private information. This vulnerability does not allow code execution or direct privilege escalation [1][3].
Mitigation
Microsoft released security update MS06-010 on February 14, 2006, which addresses the vulnerability for PowerPoint 2000 [1]. The update is available for download; customers should apply it at the earliest opportunity. System administrators can also restrict opening of PowerPoint files from untrusted sources as a workaround [1][3].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =2000
Patches
No patches discovered yet.
References
- www.kb.cert.org/vuls/id/963628 (nvd, US Government Resource)
- secunia.com/advisories/18865 (nvd)
- securitytracker.com/id (nvd)
- www.securityfocus.com/bid/16634 (nvd)
- www.vupen.com/english/advisories/2006/0579 (nvd)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-010 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/24490 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1555 (nvd)