CVE-2002-1143
First published: Thu Apr 03 2003(Updated: )
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Excel | =2002 | |
| Microsoft Office Excel | =2002-sp1 | |
| Microsoft Office Excel | =2002-sp2 | |
| Microsoft Word for Mac | ||
| Microsoft Office Word | =97 | |
| Microsoft Office Word | =97-sr1 | |
| Microsoft Office Word | =97-sr2 | |
| Microsoft Office Word | =98 | |
| Microsoft Word for Mac | =98 | |
| Microsoft Office Word | =98 | |
| Microsoft Office Word | =2000 | |
| Microsoft Office Word | =2000-sp2 | |
| Microsoft Office Word | =2000-sr1 | |
| Microsoft Office Word | =2000-sr1a | |
| Microsoft Word for Mac | =2001 | |
| Microsoft Office Word | =2002 | |
| Microsoft Office Word | =2002-sp1 | |
| Microsoft Office Word | =2002-sp2 |
Remedy
http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/5586
- http://www.iss.net/security_center/static/10008.php
- http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
- http://www.securityfocus.com/bid/5764
- http://www.iss.net/security_center/static/10155.php
- http://www.kb.cert.org/vuls/id/899713
- http://marc.info/?l=bugtraq&m=103252858816401&w=2
- http://marc.info/?l=bugtraq&m=103040003014999&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
Frequently Asked Questions
What is the severity of CVE-2002-1143?
CVE-2002-1143 has a medium severity rating due to the potential for sensitive information disclosure.
How do I fix CVE-2002-1143?
To fix CVE-2002-1143, users should apply the latest security patches released by Microsoft for affected versions of Word and Excel.
What software is affected by CVE-2002-1143?
CVE-2002-1143 affects various versions of Microsoft Word and Microsoft Excel, including versions 97, 2000, and 2002.
What exploit methods are utilized in CVE-2002-1143?
CVE-2002-1143 exploits certain field codes in Word and Excel, such as INCLUDETEXT and INCLUDEPICTURE, to steal sensitive information.
Is CVE-2002-1143 still a threat today?
While CVE-2002-1143 is not commonly exploited today, it is advisable to update to supported software versions to mitigate any potential risks.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- product/excel
- canonical/microsoft excel
- product/word
- canonical/microsoft word
- canonical/microsoft office excel
- version/microsoft office excel/2002
- version/microsoft office excel/2002-sp1
- version/microsoft office excel/2002-sp2
- canonical/microsoft word for mac
- canonical/microsoft office word
- version/microsoft office word/97
- version/microsoft office word/97-sr1
- version/microsoft office word/97-sr2
- version/microsoft office word/98
- version/microsoft word for mac/98
- version/microsoft office word/2000
- version/microsoft office word/2000-sp2
- version/microsoft office word/2000-sr1
- version/microsoft office word/2000-sr1a
- version/microsoft word for mac/2001
- version/microsoft office word/2002
- version/microsoft office word/2002-sp1
- version/microsoft office word/2002-sp2