Informed Filler and Informed Designer document information disclosure
| informed-document-information-disclosure (10192) |  Medium Risk |
Description:
Informed Filler and Informed Designer could store sensitive information in an Informed document in plain text. A local attacker with access to the encrypted document could open the document to recover the plaintext information, which is stored at the end of the file.
Platforms Affected:
- Shana Corporation, Informed Designer 3.05
- Shana Corporation, Informed Filler 3.05
Remedy:
Upgrade to the latest version of Informed Filler and Informed Designer (4.0 or later), available from Shana Technical Support. See References.
Consequences:
Obtain Information
References:
- BugTraq Mailing List, Tue Sep 24 2002 - 23:03:20 CDT , Shana Informed 3.05 information disclosure at http://archives.neohapsis.com/archives/bugtraq/2002-09/0301.html.
- Shana Corporation Web site, Informed Designer and Manager at http://www.shana.com/techsupport/contact/default.asp.
- BID-5795: Shana Informed Information Disclosure Vulnerability
- CVE-2002-2172: Informed (1) Designer and (2) Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information.
Reported:
Sep 24, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net