CVE-2002-0727
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
La función de Host en Microsoft Office Web Componentes (OWC) 2000 y 2002 está expuesta en componentes marcados como seguros para secuencias de comandos (scripting), lo que permite a atacantes ejecutar comandos arbitrarios mediante el método setTimeout.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-07-22 CVE Reserved
- 2002-09-24 CVE Published
- 2024-08-08 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101829645415486&w=2 | Mailing List | |
| http://www.osvdb.org/3006 | Vdb Entry | |
| http://www.securityfocus.com/bid/4449 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.iss.net/security_center/static/8777.php | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Web Components Search vendor "Microsoft" for product "Office Web Components" | 2000 Search vendor "Microsoft" for product "Office Web Components" and version "2000" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Web Components Search vendor "Microsoft" for product "Office Web Components" | 2002 Search vendor "Microsoft" for product "Office Web Components" and version "2002" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2002 Search vendor "Microsoft" for product "Project" and version "2002" | - |
Affected
| ||||||