333 matches found
CVE-2006-4695
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."...
CVE-2002-0621
CVE-2002-0621 involves a buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000. The underlying cause is a vulnerable installer routine that can be triggered by specific input to the OWC package installer, allowing a remote attacker to cause th...
CVE-2002-0622
The CVE-2002-0622 entry concerns the Office Web Components (OWC) package installer used with Microsoft Commerce Server 2000. The vulnerability allows remote attackers to execute commands by providing input to the OWC package installer (Command Execution via installer input). This is described as ...
CVE-2002-0727
The CVE-2002-0727 entry concerns Microsoft Office Web Components (OWC) 2000 and 2002. The Host function is exposed in components marked as safe for scripting, enabling a remote attacker to execute arbitrary commands through the setTimeout method. This defines the vulnerable component/function and...
CVE-2002-0860
The CVE-2002-0860 vulnerability affects Microsoft Office Web Components (OWC) 2000 and 2002, where the LoadText method in the spreadsheet component allows a remote attacker using an Internet Explorer URL redirect to read arbitrary local files. Underlying issue: inadequate URL handling in the OWC ...
CVE-2002-0621
Buffer overflow in the Office Web Components OWC package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer...
CVE-2002-0622
The Office Web Components OWC package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution"...
CVE-2002-0727
The Host function in Microsoft Office Web Components OWC 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method...
CVE-2002-0860
The LoadText method in the spreadsheet component in Microsoft Office Web Components OWC 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file...
CVE-2002-1338
The Load method in the Chart component of Office Web Components OWC 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files...
CVE-2002-1339
The "XMLURL" property in the Spreadsheet component of Office Web Components OWC 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files...
CVE-2002-1340
The "ConnectionFile" property in the DataSourceControl component in Office Web Components OWC 10 allows remote attackers to determine the existence of local files by detecting an exception...
CVE-2002-1338
CVE-2002-1338 affects the Chart component in Office Web Components (OWC) 9 and 10. The Load method throws an exception when a referenced file does not exist, which can be leveraged by an attacker to determine the existence of local files on the target system. The issue is described in multiple so...
CVE-2002-1338
The Load method in the Chart component of Office Web Components OWC 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files...
CVE-2002-1339
The "XMLURL" property in the Spreadsheet component of Office Web Components OWC 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files...
CVE-2002-1340
The "ConnectionFile" property in the DataSourceControl component in Office Web Components OWC 10 allows remote attackers to determine the existence of local files by detecting an exception...
CVE-2002-0727
The Host function in Microsoft Office Web Components OWC 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method...
CVE-2002-0860
The LoadText method in the spreadsheet component in Microsoft Office Web Components OWC 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file...
CVE-2002-0861
Microsoft Office Web Components OWC 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the 1 Copy method of the Cell object or 2 the Paste method of the Range object...
Microsoft Office Web Components allows arbitary user to determine whether local file exists via Chart component "Load" method
Overview Microsoft Office Web Components OWC allows a malicious script on a web page to learn if a file exists on the client's filesystem. Description OWC allows viewing of Microsoft Office documents such as spreadsheets and charts to be viewed within an HTML document in Microsoft Internet Explor...