Lucene search

[email protected]NVD:CVE-2002-1143

HistoryApr 11, 2003 - 4:00 a.m.

CVE-2002-1143

2003-04-1104:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.027

Percentile

90.7%

JSON

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka “Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure.”

Affected configurations

Nvd

Node

microsoftexcelMatch2002

microsoftexcelMatch2002sp1

microsoftexcelMatch2002sp2

microsoftwordmac_os_x

microsoftwordMatch97

microsoftwordMatch97sr1

microsoftwordMatch97sr2

microsoftwordMatch98

microsoftwordMatch98mac_os_x

microsoftwordMatch98ja

microsoftwordMatch2000

microsoftwordMatch2000sp2

microsoftwordMatch2000sr1

microsoftwordMatch2000sr1a

microsoftwordMatch2001mac_os_x

microsoftwordMatch2002

microsoftwordMatch2002sp1

microsoftwordMatch2002sp2

VendorProductVersionCPE
microsoftexcel2002cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
microsoftexcel2002cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*
microsoftexcel2002cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*
microsoftword*cpe:2.3:a:microsoft:word:*:*:*:*:*:mac_os_x:*:*
microsoftword97cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*
microsoftword97cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*
microsoftword97cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*
microsoftword98cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*
microsoftword98cpe:2.3:a:microsoft:word:98:*:*:*:*:mac_os_x:*:*
microsoftword98cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*

Vendor	Product	Version	CPE
microsoft	excel	2002	cpe:2.3:a:microsoft:excel:2002:::::::*
microsoft	excel	2002	cpe:2.3:a:microsoft:excel:2002:sp1::::::
microsoft	excel	2002	cpe:2.3:a:microsoft:excel:2002:sp2::::::
microsoft	word	*	cpe:2.3:a:microsoft:word::::::mac_os_x::*
microsoft	word	97	cpe:2.3:a:microsoft:word:97:::::::*
microsoft	word	97	cpe:2.3:a:microsoft:word:97:sr1::::::
microsoft	word	97	cpe:2.3:a:microsoft:word:97:sr2::::::
microsoft	word	98	cpe:2.3:a:microsoft:word:98:::::::*
microsoft	word	98	cpe:2.3:a:microsoft:word:98:::::mac_os_x::
microsoft	word	98	cpe:2.3:a:microsoft:word:98:::ja::::

Rows per page:

1-10 of 181

References

marc.info/?l=bugtraq&m=103040003014999&w=2

marc.info/?l=bugtraq&m=103252858816401&w=2

www.iss.net/security_center/static/10008.php

www.iss.net/security_center/static/10155.php

www.kb.cert.org/vuls/id/899713

www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp

www.securityfocus.com/bid/5586

www.securityfocus.com/bid/5764

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.027

Percentile

90.7%

JSON

Related for NVD:CVE-2002-1143

cve1 exploitdb2 cvelist1 cert1