Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0860

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0860
Last Modified 10 Sep 2008 03:13:02
Published 24 Sep 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0860

Summary

The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.

Vulnerable Systems

Application

  • Microsoft Office Web Components 2000

  • Microsoft Office Web Components 2002

  • Microsoft Project 2000

  • Microsoft Project 2002


References

MS - MS02-044

XF - owc-spreadsheet-loadtext-read-files (8778)

BID - 4453

OSVDB - 3007

BUGTRAQ - 20020408 Reading local files with OWC in IE (GM#006-IE)


Last Updated: 27 May 2016 10:37:06