Microsoft Office discloses a file path of a local file


When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in "alternative text".

Yosuke HASEGAWA of SecureSky Technology Inc. and Miyuki Chikara of MARUS JAPAN Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products

Microsoft Corporation
  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office for Mac 2011


An attacker may obtain information about the file system or the user name through Office documents.

[Upgrade the Software]
Upgrade to the appropriate versions according to the information provided by the developer.

* Microsoft Office 2013 (latest version) for Office on Windows
* Microsoft Office 2016 for Mac for Office on Mac

[Apply a workaround]
The following workaround may mitigate the affects of this vulnerability.

* Manually delete or edit "alternative text" of objects in Office documents.
Vendor Information

Microsoft Corporation
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [IPA Evaluation]
CVE (What is CVE?)


  1. JVN : JVN#20459920
Revision History

  • [2015/08/12]
      Web page was published