CVE-2002-1143

Опубликовано: 11 апр. 2003

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

Ссылки

http://marc.info/?l=bugtraq&m=103040003014999&w=2
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=103252858816401&w=2
Mailing List
Third Party Advisory
http://www.iss.net/security_center/static/10008.php
Broken Link
http://www.iss.net/security_center/static/10155.php
Broken Link
http://www.kb.cert.org/vuls/id/899713
Third Party Advisory
US Government Resource
http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
Patch
Vendor Advisory
http://www.securityfocus.com/bid/5586
Exploit
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.securityfocus.com/bid/5764
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202
Third Party Advisory
http://marc.info/?l=bugtraq&m=103040003014999&w=2
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=103252858816401&w=2
Mailing List
Third Party Advisory
http://www.iss.net/security_center/static/10008.php
Broken Link
http://www.iss.net/security_center/static/10155.php
Broken Link
http://www.kb.cert.org/vuls/id/899713
Third Party Advisory
US Government Resource
http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
Patch
Vendor Advisory
http://www.securityfocus.com/bid/5586
Exploit
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.securityfocus.com/bid/5764
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:*:*:*:*:*:mac_os_x:*:*

cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:98:*:*:*:*:mac_os_x:*:*

cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*

cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2001:*:*:*:*:mac_os_x:*:*

cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.32477

Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-5jm3-4wj9-623c

github

почти 4 года назад