CVE-2002-1143

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/5586	Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.iss.net/security_center/static/10008.php	Broken Link
http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp	Patch Vendor Advisory
http://www.securityfocus.com/bid/5764	Third Party Advisory VDB Entry
http://www.iss.net/security_center/static/10155.php	Broken Link
http://www.kb.cert.org/vuls/id/899713	Third Party Advisory US Government Resource
http://marc.info/?l=bugtraq&m=103252858816401&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=103040003014999&w=2	Mailing List Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202	Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:excel:2002:sp1::::::
	cpe:2.3:a:microsoft:excel:2002:sp2::::::
	cpe:2.3:a:microsoft:word:2000:::::::*
	cpe:2.3:a:microsoft:word:2000:sp2::::::
	cpe:2.3:a:microsoft:word::::::mac_os_x::*
	cpe:2.3:a:microsoft:word:97:::::::*
	cpe:2.3:a:microsoft:word:97:sr1::::::
	cpe:2.3:a:microsoft:word:2000:sr1::::::
	cpe:2.3:a:microsoft:word:2000:sr1a::::::
	cpe:2.3:a:microsoft:excel:2002:::::::*
	cpe:2.3:a:microsoft:word:98:::ja::::
	cpe:2.3:a:microsoft:word:97:sr2::::::
	cpe:2.3:a:microsoft:word:2002:sp1::::::
	cpe:2.3:a:microsoft:word:98:::::::*
	cpe:2.3:a:microsoft:word:2002:::::::*
	cpe:2.3:a:microsoft:word:2002:sp2::::::
	cpe:2.3:a:microsoft:word:98:::::mac_os_x::
	cpe:2.3:a:microsoft:word:2001:::::mac_os_x::

Information

Published : 2003-04-10 21:00

Updated : 2018-10-12 14:32

NVD link : CVE-2002-1143

Mitre link : CVE-2002-1143

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

excel
word

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/5586", "name": "5586", "tags": ["Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/10008.php", "name": "word-includetext-read-files(10008)", "tags": ["Broken Link"], "refsource": "XF"}, {"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp", "name": "http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/5764", "name": "5764", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/10155.php", "name": "word-includepicture-read-files(10155)", "tags": ["Broken Link"], "refsource": "XF"}, {"url": "http://www.kb.cert.org/vuls/id/899713", "name": "VU#899713", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://marc.info/?l=bugtraq&m=103252858816401&w=2", "name": "20020919 More vulnerabilities (Re: Security side-effects of Word fields)", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=103040003014999&w=2", "name": "20020826 Security side-effects of Word fields", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202", "name": "oval:org.mitre.oval:def:202", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059", "name": "MS02-059", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka \"Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1143", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-04-11T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:*:*:*:*:*:mac_os_x:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:98:*:*:*:*:mac_os_x:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2001:*:*:*:*:mac_os_x:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:32Z"}

5.0 /10