CVE-2002-1143
Microsoft Word 95/97/98/2000/2002 - 'INCLUDEPICTURE' Document Sharing File Disclosure
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
Microsoft Word y Excel permite a atacantes remotos robar información sensible mediante ciertos códigos de campo que insertan la información cuando el documento es devuelto al atacante, como ha sido demostrado en Word usando
INCLUDETEXT o INCLUDEPICTURE, tambien conocido como "Fallo en campos de Word y actualizaciones externas de Excel podría conducir a revelamiento de Información"
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-08-26 First Exploit
- 2002-09-23 CVE Reserved
- 2003-04-03 CVE Published
- 2024-08-08 CVE Updated
- 2024-08-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=103040003014999&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=103252858816401&w=2 | Mailing List | |
| http://www.iss.net/security_center/static/10008.php | Broken Link | |
| http://www.iss.net/security_center/static/10155.php | Broken Link | |
| http://www.kb.cert.org/vuls/id/899713 | Third Party Advisory |
|
| http://www.securityfocus.com/bid/5764 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/21812 | 2002-09-20 | |
| https://www.exploit-db.com/exploits/21764 | 2002-08-26 | |
| http://www.securityfocus.com/bid/5586 | 2024-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2002 Search vendor "Microsoft" for product "Excel" and version "2002" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2002 Search vendor "Microsoft" for product "Excel" and version "2002" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2002 Search vendor "Microsoft" for product "Excel" and version "2002" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | * | mac_os_x |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 97 Search vendor "Microsoft" for product "Word" and version "97" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 97 Search vendor "Microsoft" for product "Word" and version "97" | sr1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 97 Search vendor "Microsoft" for product "Word" and version "97" | sr2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 98 Search vendor "Microsoft" for product "Word" and version "98" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 98 Search vendor "Microsoft" for product "Word" and version "98" | mac_os_x |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 98 Search vendor "Microsoft" for product "Word" and version "98" | ja |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2000 Search vendor "Microsoft" for product "Word" and version "2000" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2000 Search vendor "Microsoft" for product "Word" and version "2000" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2000 Search vendor "Microsoft" for product "Word" and version "2000" | sr1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2000 Search vendor "Microsoft" for product "Word" and version "2000" | sr1a |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2001 Search vendor "Microsoft" for product "Word" and version "2001" | mac_os_x |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2002 Search vendor "Microsoft" for product "Word" and version "2002" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2002 Search vendor "Microsoft" for product "Word" and version "2002" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2002 Search vendor "Microsoft" for product "Word" and version "2002" | sp2 |
Affected
| ||||||