CVE-2002-1143 (GCVE-0-2002-1143)
Vulnerability from cvelistv5
Published
2003-04-03 05:00
Modified
2024-08-08 03:12
Severity ?
CWE
  • n/a
Summary
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
References
cve@mitre.org http://marc.info/?l=bugtraq&m=103040003014999&w=2 Mailing List, Third Party Advisory
cve@mitre.org http://marc.info/?l=bugtraq&m=103252858816401&w=2 Mailing List, Third Party Advisory
cve@mitre.org http://www.iss.net/security_center/static/10008.php Broken Link
cve@mitre.org http://www.iss.net/security_center/static/10155.php Broken Link
cve@mitre.org http://www.kb.cert.org/vuls/id/899713 Third Party Advisory, US Government Resource
cve@mitre.org http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp Patch, Vendor Advisory
cve@mitre.org http://www.securityfocus.com/bid/5586 Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
cve@mitre.org http://www.securityfocus.com/bid/5764 Third Party Advisory, VDB Entry
cve@mitre.org https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=103040003014999&w=2 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=103252858816401&w=2 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.iss.net/security_center/static/10008.php Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.iss.net/security_center/static/10155.php Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/899713 Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/5586 Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/5764 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202 Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:12:17.034Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020919 More vulnerabilities (Re: Security side-effects of Word fields)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103252858816401\u0026w=2"
          },
          {
            "name": "MS02-059",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059"
          },
          {
            "name": "5764",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5764"
          },
          {
            "name": "word-includetext-read-files(10008)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10008.php"
          },
          {
            "name": "word-includepicture-read-files(10155)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10155.php"
          },
          {
            "name": "oval:org.mitre.oval:def:202",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202"
          },
          {
            "name": "5586",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5586"
          },
          {
            "name": "VU#899713",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/899713"
          },
          {
            "name": "20020826 Security side-effects of Word fields",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103040003014999\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-08-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka \"Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020919 More vulnerabilities (Re: Security side-effects of Word fields)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103252858816401\u0026w=2"
        },
        {
          "name": "MS02-059",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059"
        },
        {
          "name": "5764",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5764"
        },
        {
          "name": "word-includetext-read-files(10008)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10008.php"
        },
        {
          "name": "word-includepicture-read-files(10155)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10155.php"
        },
        {
          "name": "oval:org.mitre.oval:def:202",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202"
        },
        {
          "name": "5586",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5586"
        },
        {
          "name": "VU#899713",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/899713"
        },
        {
          "name": "20020826 Security side-effects of Word fields",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103040003014999\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka \"Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020919 More vulnerabilities (Re: Security side-effects of Word fields)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103252858816401\u0026w=2"
            },
            {
              "name": "MS02-059",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059"
            },
            {
              "name": "5764",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5764"
            },
            {
              "name": "word-includetext-read-files(10008)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10008.php"
            },
            {
              "name": "word-includepicture-read-files(10155)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10155.php"
            },
            {
              "name": "oval:org.mitre.oval:def:202",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202"
            },
            {
              "name": "5586",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5586"
            },
            {
              "name": "VU#899713",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/899713"
            },
            {
              "name": "20020826 Security side-effects of Word fields",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103040003014999\u0026w=2"
            },
            {
              "name": "http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1143",
    "datePublished": "2003-04-03T05:00:00",
    "dateReserved": "2002-09-23T00:00:00",
    "dateUpdated": "2024-08-08T03:12:17.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2002-1143\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-04-11T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka \\\"Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Word y Excel permite a atacantes remotos robar informaci\u00f3n sensible mediante ciertos c\u00f3digos de campo que insertan la informaci\u00f3n cuando el documento es devuelto al atacante, como ha sido demostrado en Word usando\\r\\nINCLUDETEXT o INCLUDEPICTURE, tambien conocido como \\\"Fallo en campos de Word y actualizaciones externas de Excel podr\u00eda conducir a revelamiento de Informaci\u00f3n\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"082D3262-87E3-4245-AD9C-02BE0871FA3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C619E79B-90FB-4812-B0F3-115B47498492\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC893353-909C-49A8-8C3A-AD325C1D365D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:*:*:*:*:*:mac_os_x:*:*\",\"matchCriteriaId\":\"C51F7DDA-63CA-4FBD-AED0-3CD251A40879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645B78F8-9AD7-4707-9CAD-5DC79475D971\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAC7BEA9-AA9B-4FFA-BC09-DD41F7E3EAC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*\",\"matchCriteriaId\":\"682961C4-A208-403F-8C3B-1E08F0414EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E56F9283-7EE3-4F50-AFB6-09CDC06A5121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:98:*:*:*:*:mac_os_x:*:*\",\"matchCriteriaId\":\"E28225AE-DBBA-44B0-AA1E-B210E6802953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*\",\"matchCriteriaId\":\"3B3A5E8E-CCE2-49AF-BAEB-549E3C67430B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEBFF713-0884-43BF-9AB8-777664FD64AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5947AFC8-483F-4597-AB8F-214356E857BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEE7CC21-A458-49BB-B437-D5DF09339D83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CFD9BC0-8755-4C3B-A198-A7F2DEFA82AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2001:*:*:*:*:mac_os_x:*:*\",\"matchCriteriaId\":\"F5CFFFAE-0B84-4A08-B061-6C652FA81497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D90B1E1-23CD-4595-AD78-DA1758E9896D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"51A706AF-333A-4492-B947-A3BA2556F4D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B90E94C-839A-40B9-A408-6B396EB26102\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=103040003014999\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=103252858816401\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.iss.net/security_center/static/10008.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.iss.net/security_center/static/10155.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/899713\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/5586\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/5764\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=103040003014999\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=103252858816401\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.iss.net/security_center/static/10008.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.iss.net/security_center/static/10155.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/899713\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/5586\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/5764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.