CVE-2002-1143

Published: Apr 11, 2003Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

Affected (18)

Products: Microsoft: Excel, Word

2 products

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	Version 2002
Microsoft Excel	Version 2002 sp1
Microsoft Excel	Version 2002 sp2
Microsoft Word	All versions
Microsoft Word	Version 2000
Microsoft Word	Version 2000 sp2
Microsoft Word	Version 2000 sr1
Microsoft Word	Version 2000 sr1a
Microsoft Word	Version 2001
Microsoft Word	Version 2002
Microsoft Word	Version 2002 sp1
Microsoft Word	Version 2002 sp2
Microsoft Word	Version 97
Microsoft Word	Version 97 sr1
Microsoft Word	Version 97 sr2
Microsoft Word	Version 98
Microsoft Word	Version 98
Microsoft Word	Version 98

References (20)

http://marc.info/?l=bugtraq&m=103040003014999&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=103252858816401&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.iss.net/security_center/static/10008.php

Source: cve@mitre.org

Broken Link

http://www.iss.net/security_center/static/10155.php

Source: cve@mitre.org

Broken Link

http://www.kb.cert.org/vuls/id/899713

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/5586

Source: cve@mitre.org

ExploitPatchThird Party AdvisoryVDB EntryVendor Advisory

http://www.securityfocus.com/bid/5764

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202

Source: cve@mitre.org

Third Party Advisory

http://marc.info/?l=bugtraq&m=103040003014999&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=103252858816401&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.iss.net/security_center/static/10008.php

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.iss.net/security_center/static/10155.php

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.kb.cert.org/vuls/id/899713

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/5586

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party AdvisoryVDB EntryVendor Advisory

http://www.securityfocus.com/bid/5764

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.