CVE-2002-1143 - Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field cod

CVE-2002-1143

Summary

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:*:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:microsoft:word:*:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:98:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:microsoft:word:98:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*
cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*
cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2001:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:microsoft:word:2001:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 12-10-2018 - 21:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

oval via4

accepted

2012-05-28T04:01:27.174-04:00

class

vulnerability

contributors

name Ingrid Skoog
organization The MITRE Corporation
name Ingrid Skoog
organization The MITRE Corporation
name John Hoyland
organization Centennial Software
name Shane Shaffer
organization G2, Inc.

description

family

windows

oval:org.mitre.oval:def:202

status

accepted

submitted

2004-08-24T12:00:00.000-04:00

title

Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure

version

refmap via4

bid	5586 5764
bugtraq	20020826 Security side-effects of Word fields 20020919 More vulnerabilities (Re: Security side-effects of Word fields)
cert-vn	VU#899713
confirm	http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
xf	word-includepicture-read-files(10155) word-includetext-read-files(10008)

Last major update

12-10-2018 - 21:32

Published

11-04-2003 - 04:00

Last modified

12-10-2018 - 21:32