CVE-2002-0618

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.guninski.com/ex$el2.html
http://www.securityfocus.com/bid/4821
http://www.iss.net/security_center/static/9399.php
http://marc.info/?l=ntbugtraq&m=102256054320377&w=2
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:excel:2002:::::::*
	cpe:2.3:a:microsoft:excel:2002:sp1::::::
	cpe:2.3:a:microsoft:office:2000:::::::*
	cpe:2.3:a:microsoft:office:xp:::::::*
	cpe:2.3:a:microsoft:excel:2000:sp2::::::
	cpe:2.3:a:microsoft:excel:2000:sr1::::::
	cpe:2.3:a:microsoft:excel:2000:::::::*

Information

Published : 2002-08-11 21:00

Updated : 2018-10-12 14:31

NVD link : CVE-2002-0618

Mitre link : CVE-2002-0618

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

excel
office

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.guninski.com/ex$el2.html", "name": "http://www.guninski.com/ex$el2.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/4821", "name": "4821", "tags": [], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/9399.php", "name": "excel-xsl-script-execution(9399)", "tags": [], "refsource": "XF"}, {"url": "http://marc.info/?l=ntbugtraq&m=102256054320377&w=2", "name": "20020524 Excel XP xml stylesheet problems", "tags": [], "refsource": "NTBUGTRAQ"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031", "name": "MS02-031", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka \"Excel XSL Stylesheet Script Execution\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0618", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-08-12T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:excel:2000:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:excel:2000:sr1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:31Z"}