5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.034 Low
EPSS
Percentile
91.5%
Microsoft Word and Excel contain special encoding tags for formatting and updating content. An attacker may be able to use these tags to exploit an information disclosure vulnerability.
Microsoft Word and Microsoft Excel are applications that ship as part of the Microsoft Office distribution. Microsoft Word (all versions) and Microsoft Excel 2002 contain special encoding tags that can be used to update or include text in a document or spreadsheet. In Microsoft Word, these tags are known as field codes. In Microsoft Excel, they are known as external updates. Some of these tags can enable an attacker to embed local information into a document and have it returned via a web site. Likewise, if the victim were to open a document and then return it to the attacker, sensitive information could be included in the document. In order to successfully exploit this vulnerability, the attacker would have to know the path of the target file, and trick the victim into opening the malicious document.
An attacker may be able to gather sensitive data stored on the victim’s machine.
Microsoft has release Security Bulletin MS02-059 to address this vulnerability.
899713
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 17, 2002
Affected
Please see Microsoft Security Bulletin MS02-059.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23899713 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Microsoft and Alex Gantman for reporting this vulnerability.
This document was written by Jason A Rafail.
CVE IDs: | CVE-2002-1143 |
---|---|
Severity Metric: | 0.61 Date Public: |