IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.

The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.