Vulnerability Details : CVE-2002-1143

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

Vulnerability category: Information leak

Published 2003-04-11 04:00:00

Updated 2018-10-12 21:32:00

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2002-1143

Probability of exploitation activity in the next 30 days: 3.41%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-1143

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2002-1143

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
http://www.iss.net/security_center/static/10155.php

Broken Link
http://www.securityfocus.com/bid/5586

Exploit;Patch;Third Party Advisory;VDB Entry;Vendor Advisory
http://www.securityfocus.com/bid/5764

Third Party Advisory;VDB Entry
http://www.iss.net/security_center/static/10008.php

Broken Link
http://www.kb.cert.org/vuls/id/899713

Third Party Advisory;US Government Resource
http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp

Patch;Vendor Advisory
http://marc.info/?l=bugtraq&m=103040003014999&w=2

Mailing List;Third Party Advisory
http://marc.info/?l=bugtraq&m=103252858816401&w=2

Mailing List;Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202

Third Party Advisory

Products affected by CVE-2002-1143

Microsoft » Excel » Version: 2002
cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2002 Update SP1
cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Excel » Version: 2002 Update SP2
cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Word » For Mac Os X
cpe:2.3:a:microsoft:word:*:*:*:*:*:mac_os_x:*:*
Matching versions
Microsoft » Word » Version: 97
cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 98 Language JA
cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*
Matching versions
Microsoft » Word » Version: 2000
cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 98 For Mac Os X
cpe:2.3:a:microsoft:word:98:*:*:*:*:mac_os_x:*:*
Matching versions
Microsoft » Word » Version: 2001 For Mac Os X
cpe:2.3:a:microsoft:word:2001:*:*:*:*:mac_os_x:*:*
Matching versions
Microsoft » Word » Version: 2000 Update Sr1a
cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2000 Update SR1
cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 98
cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 97 Update SR1
cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 97 Update SR2
cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2002
cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2000 Update SP2
cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2002 Update SP1
cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2002 Update SP2
cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*
Matching versions