{"id": "CVE-2002-1339", "bulletinFamily": "NVD", "title": "CVE-2002-1339", "description": "The \"XMLURL\" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files.", "published": "2002-12-18T00:00:00", "modified": "2016-10-17T22:26:05", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1339", "reporter": "NVD", "references": ["http://security.greymagic.com/adv/gm008-ie/", "http://marc.info/?l=bugtraq&m=101830175621193&w=2"], "cvelist": ["CVE-2002-1339"], "type": "cve", "lastseen": "2017-04-18T15:49:50", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:office_web_components:2002"], "cvelist": ["CVE-2002-1339"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "The \"XMLURL\" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files.", "edition": 1, "hash": "cd101aab54b54110d67ed7251a0b685f827a6073d9d8464810b889bc9ce568e1", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "55d5ffab3c8d71aee6cf07dcdc5a43d0", "key": "title"}, {"hash": "f7f737fcf6550433b2524c6a588035ac", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e4ca9121be02310147bd287e724731c5", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "4c7e5de5a7e27e8ff710e44cd66972f4", "key": "modified"}, {"hash": "c65a1f7d65468fa9dfcc2dad19caabca", "key": "cpe"}, {"hash": "6bface7802ec16d2b533d8fbc127ee9f", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "1cc1a87108eee04e41695645e7dbabab", "key": "cvelist"}, {"hash": "b23e5575ebfaab1b11fc36803e030c46", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1339", "id": "CVE-2002-1339", "lastseen": "2016-09-03T03:35:39", "modified": "2008-09-10T15:14:18", "objectVersion": "1.2", "published": "2002-12-18T00:00:00", "references": ["http://marc.theaimsgroup.com/?l=bugtraq&m=101830175621193&w=2", "http://security.greymagic.com/adv/gm008-ie/"], "reporter": "NVD", "scanner": [], "title": "CVE-2002-1339", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T03:35:39"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "c65a1f7d65468fa9dfcc2dad19caabca"}, {"key": "cvelist", "hash": "1cc1a87108eee04e41695645e7dbabab"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "b23e5575ebfaab1b11fc36803e030c46"}, {"key": "href", "hash": "e4ca9121be02310147bd287e724731c5"}, {"key": "modified", "hash": "9af48d22a61dc980e2c09c54fc9d56c6"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "6bface7802ec16d2b533d8fbc127ee9f"}, {"key": "references", "hash": "06c5a1ea6d99e1a7b78ca582ad58d93c"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "55d5ffab3c8d71aee6cf07dcdc5a43d0"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "84a5c18231fa6b5701a729e1c5a3cd2fbe4907283ab5176a42fefb99f1345962", "viewCount": 0, "objectVersion": "1.2", "cpe": ["cpe:/a:microsoft:office_web_components:2002"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2017-04-18T15:49:50"}, "vulnersScore": 5.0}}

{"osvdb": [{"lastseen": "2017-04-28T13:19:57", "references": [], "edition": 1, "description": "## Technical Description\nMicrosoft Office Web Components contain a flaw that allows a remote attacker to verify the existance of a file. The issue is due to the Spreadsheet component in OWC and the \"XMLURL\" propertly, which blindly follows redirections. This allows remote attackers to assign a URL which redirects to a local file and determine if it exists based on the error message returned. This flaw can also be used to read properly formatted WorkSheet XML files from any location.\n\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Disable Active X controls through the browser security settings.\n## References:\nISS X-Force ID: 8785\nGeneric Informational URL: http://security.greymagic.com/adv/gm008-ie/\n[CVE-2002-1339](https://vulners.com/cve/CVE-2002-1339)\nBugtraq ID: 4455\n", "reporter": "OSVDB", "published": "2002-02-25T00:00:00", "title": "Microsoft IE OWC XMLURL File Existence Verification", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Internet Explorer", "version": "6.0", "operator": "eq"}, {"name": "Internet Explorer", "version": "5.0", "operator": "eq"}, {"name": "Office Web Components (OWC)", "version": "2000", "operator": "eq"}, {"name": "Internet Explorer", "version": "5.5", "operator": "eq"}, {"name": "Office Web Components (OWC)", "version": "XP", "operator": "eq"}], "cvelist": ["CVE-2002-1339"], "modified": "2002-02-25T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:3010", "id": "OSVDB:3010", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}