Vulnerability Details CVE-2002-1143
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.325
EPSS Ranking 96.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=103040003014999&w=2
- http://marc.info/?l=bugtraq&m=103252858816401&w=2
- http://www.iss.net/security_center/static/10008.php
- http://www.iss.net/security_center/static/10155.php
- http://www.kb.cert.org/vuls/id/899713
- http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
- http://www.securityfocus.com/bid/5586
- http://www.securityfocus.com/bid/5764
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202
- http://marc.info/?l=bugtraq&m=103040003014999&w=2
- http://marc.info/?l=bugtraq&m=103252858816401&w=2
- http://www.iss.net/security_center/static/10008.php
- http://www.iss.net/security_center/static/10155.php
- http://www.kb.cert.org/vuls/id/899713
- http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
- http://www.securityfocus.com/bid/5586
- http://www.securityfocus.com/bid/5764
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202
Products affected by CVE-2002-1143
-
cpe:2.3:a:microsoft:excel:2002
-
cpe:2.3:a:microsoft:word:2000
-
cpe:2.3:a:microsoft:word:2001
-
cpe:2.3:a:microsoft:word:2002
-
cpe:2.3:a:microsoft:word:97
-
cpe:2.3:a:microsoft:word:98