Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0727

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0727
Last Modified 10 Sep 2008 03:12:46
Published 24 Sep 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0727

Summary

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

Vulnerable Systems

Application

  • Microsoft Office Web Components 2000

  • Microsoft Office Web Components 2002

  • Microsoft Project 2002


References

MS - MS02-044

XF - owc-spreadsheet-host-script-execution (8777)

BID - 4449

OSVDB - 3006

BUGTRAQ - 20020408 Scripting for the scriptless with OWC in IE (GM#005-IE)


Last Updated: 27 May 2016 10:37:02