Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1143

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1143
Last Modified 10 Sep 2008 03:13:57
Published 11 Apr 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1143

Summary

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

Vulnerable Systems

Application

  • Microsoft Excel 2002

  • Microsoft Word

  • Microsoft Word 2000

  • Microsoft Word 2001

  • Microsoft Word 2002

  • Microsoft Word 97

  • Microsoft Word 98


References

CERT-VN - VU#899713

BID - 5586

MS - MS02-059

XF - word-includetext-read-files(10008)

BID - 5764

CONFIRM - http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp

XF - word-includepicture-read-files(10155)

BUGTRAQ - 20020826 Security side-effects of Word fields

BUGTRAQ - 20020919 More vulnerabilities (Re: Security side-effects of Word fields)


Last Updated: 27 May 2016 10:37:12