Vulnerabilities > CVE-2002-1143 - Unspecified vulnerability in Microsoft Excel and Word
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 18 |
Exploit-Db
description MS Word 95/97/98/2000/2002 Excel 2002 INCLUDETEXT Document Sharing File Disclosure. CVE-2002-1143. Remote exploit for windows platform id EDB-ID:21764 last seen 2016-02-02 modified 2002-08-26 published 2002-08-26 reporter Alex Gantman source https://www.exploit-db.com/download/21764/ title Microsoft Word 95/97/98/2000/2002 Excel 2002 INCLUDETEXT Document Sharing File Disclosure description MS Word 95/97/98/2000/2002 INCLUDEPICTURE Document Sharing File Disclosure. CVE-2002-1143. Remote exploit for windows platform id EDB-ID:21812 last seen 2016-02-02 modified 2002-09-20 published 2002-09-20 reporter Richard Edwards source https://www.exploit-db.com/download/21812/ title Microsoft Word 95/97/98/2000/2002 INCLUDEPICTURE Document Sharing File Disclosure
Oval
| accepted | 2012-05-28T04:01:27.174-04:00 | ||||||||||||||||
| class | vulnerability | ||||||||||||||||
| contributors |
| ||||||||||||||||
| description | Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure." | ||||||||||||||||
| family | windows | ||||||||||||||||
| id | oval:org.mitre.oval:def:202 | ||||||||||||||||
| status | accepted | ||||||||||||||||
| submitted | 2004-08-24T12:00:00.000-04:00 | ||||||||||||||||
| title | Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure | ||||||||||||||||
| version | 6 |
References
- http://marc.info/?l=bugtraq&m=103040003014999&w=2
- http://marc.info/?l=bugtraq&m=103252858816401&w=2
- http://www.iss.net/security_center/static/10008.php
- http://www.iss.net/security_center/static/10155.php
- http://www.kb.cert.org/vuls/id/899713
- http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
- http://www.securityfocus.com/bid/5586
- http://www.securityfocus.com/bid/5764
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202