Lucene search

[email protected]NVD:CVE-2002-0727

HistorySep 24, 2002 - 4:00 a.m.

CVE-2002-0727

2002-09-2404:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.009

Percentile

82.8%

JSON

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

Affected configurations

Nvd

Node

microsoftoffice_web_componentsMatch2000

microsoftoffice_web_componentsMatch2002

microsoftprojectMatch2002

VendorProductVersionCPE
microsoftoffice_web_components2000cpe:2.3:a:microsoft:office_web_components:2000:*:*:*:*:*:*:*
microsoftoffice_web_components2002cpe:2.3:a:microsoft:office_web_components:2002:*:*:*:*:*:*:*
microsoftproject2002cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office_web_components	2000	cpe:2.3:a:microsoft:office_web_components:2000:::::::*
microsoft	office_web_components	2002	cpe:2.3:a:microsoft:office_web_components:2002:::::::*
microsoft	project	2002	cpe:2.3:a:microsoft:project:2002:::::::*

References

marc.info/?l=bugtraq&m=101829645415486&w=2

www.iss.net/security_center/static/8777.php

www.osvdb.org/3006

www.securityfocus.com/bid/4449

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.009

Percentile

82.8%

JSON

Related for NVD:CVE-2002-0727

cve1 cvelist1