Vulnerability Details : CVE-2002-1143
Potential exploit
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
Vulnerability category: Information leak
Products affected by CVE-2002-1143
- cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:*:*:*:*:*:mac_os_x:*:*
- cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:*:*:mac_os_x:*:*
- cpe:2.3:a:microsoft:word:2001:*:*:*:*:mac_os_x:*:*
- cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-1143
25.97%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-1143
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2002-1143
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
-
http://www.iss.net/security_center/static/10155.php
Broken Link
-
http://www.securityfocus.com/bid/5586
Exploit;Patch;Third Party Advisory;VDB Entry;Vendor Advisory
-
http://www.securityfocus.com/bid/5764
Third Party Advisory;VDB Entry
-
http://www.iss.net/security_center/static/10008.php
Broken Link
-
http://www.kb.cert.org/vuls/id/899713
Third Party Advisory;US Government Resource
-
http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=103040003014999&w=2
Mailing List;Third Party Advisory
-
http://marc.info/?l=bugtraq&m=103252858816401&w=2
Mailing List;Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202
Third Party Advisory
Jump to