CVE-2002-0860

The LoadText method in the spreadsheet component in Microsoft Office Web Components OWC 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file...

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that cause OpenSSL to leak...

CVE-2002-1340

The "ConnectionFile" property in the DataSourceControl component in Office Web Components OWC 10 allows remote attackers to determine the existence of local files by detecting an exception...

CVE-2002-1338

The Load method in the Chart component of Office Web Components OWC 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files...

CVE-2002-1339

The "XMLURL" property in the Spreadsheet component of Office Web Components OWC 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files...

CVE-2002-1338

CVE-2002-1338 affects the Chart component in Office Web Components (OWC) 9 and 10. The Load method throws an exception when a referenced file does not exist, which can be leveraged by an attacker to determine the existence of local files on the target system. The issue is described in multiple so...

CVE-2002-1340

The "ConnectionFile" property in the DataSourceControl component in Office Web Components OWC 10 allows remote attackers to determine the existence of local files by detecting an exception...

CVE-2002-1338

The Load method in the Chart component of Office Web Components OWC 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files...

CVE-2002-1339

The "XMLURL" property in the Spreadsheet component of Office Web Components OWC 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files...

CVE-2002-1142

Heap-based buffer overflow in the Remote Data Services RDS component of Microsoft Data Access Components MDAC 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub...

CERT Advisory CA-2002-33 Heap Overflow Vulnerability in Microsoft Data

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2002-33 Heap Overflow Vulnerability in Microsoft Data Access Components MDAC Original release date: November 21, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected All Microso...

Buffer overflow in MDAC

Buffer overflow on maleformed RDS request...

Microsoft Security Bulletin MS02-065: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)

-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution Q329414 Date: 20 November, 2002 Software: Microsoft Data Access Components MDAC 2.1 Microsoft Data...

Microsoft Windows Data Access Components contains heap overflow in Data Stubs when parsing a malformed HTTP request

Overview A vulnerability in the Microsoft Data Access Components MDAC could lead to remote execution of code with the privileges of the current process, or user. Description Microsoft Data Access Components MDAC is a collection of utilities and routines to process requests between databases and...

Microsoft Data Access Components RDS Buffer Overflow Vulnerability

Description Microsoft Data Access Components MDAC contains a buffer overflow in a Remote Data Services RDS component. The server side RDS component affected is called the RDS Data Stub, while the client side is called the Data Space control. Successful exploitation of this vulnerability could all...

CVE-2002-0860

The LoadText method in the spreadsheet component in Microsoft Office Web Components OWC 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file...

CVE-2002-0727

The Host function in Microsoft Office Web Components OWC 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method...

CVE-2002-0861

Microsoft Office Web Components OWC 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the 1 Copy method of the Cell object or 2 the Paste method of the Range object...

Microsoft Office Web Components allows arbitary user to determine whether local file exists via Chart component "Load" method

Overview Microsoft Office Web Components OWC allows a malicious script on a web page to learn if a file exists on the client's filesystem. Description OWC allows viewing of Microsoft Office documents such as spreadsheets and charts to be viewed within an HTML document in Microsoft Internet Explor...

Microsoft Office Web Components allows reading of local files via "LoadText" method by using URL redirection

Overview The Microsoft Office Web Components allow a remote attacker to read arbitrary files. Description The Microsoft Office Web Components OWC are ActiveX controls that can be embedded in web pages. These controls give users of a website limited Microsoft Office functionality, without having t...