QwikSec

Security Database

CVE

CWE

Training

CVE-2002-1143

Published: Apr 3, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20020919 More vulnerabilities (Re: Security side-effects of Word fields)

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_MS

vdb-entry

x_refsource_BID

word-includetext-read-files(10008)

vdb-entry

x_refsource_XF

word-includepicture-read-files(10155)

vdb-entry

x_refsource_XF

oval:org.mitre.oval:def:202

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_CERT-VN

20020826 Security side-effects of Word fields

mailing-list

x_refsource_BUGTRAQ

http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.