Vulnerability Name:

CVE-2002-1143 (CCN-10008)

Assigned:2002-08-26
Published:2002-08-26
Updated:2018-10-12
Summary:Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Mon Aug 26 2002 - 16:23:22 CDT
Security side-effects of Word fields

Source: MITRE
Type: CNA
CVE-2002-1143

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20020826 Security side-effects of Word fields

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20020919 More vulnerabilities (Re: Security side-effects of Word fields)

Source: CCN
Type: Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)

Source: CCN
Type: Microsoft Security Bulletin MS12-028
Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)

Source: CCN
Type: Microsoft Security Bulletin MS12-029
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

Source: CCN
Type: Microsoft Security Bulletin MS12-034
Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

Source: CCN
Type: Microsoft Security Bulletin MS12-046
Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)

Source: CCN
Type: Microsoft Security Bulletin MS12-057
Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2731879)

Source: CCN
Type: Microsoft Security Bulletin MS12-064
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)

Source: CCN
Type: Microsoft Security Bulletin MS12-065
Vulnerability in Microsoft Works Could Allow Remote Code Execution (KB2754670)

Source: CCN
Type: Microsoft Security Bulletin MS12-070
Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)

Source: CCN
Type: Microsoft Security Bulletin MS12-079
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)

Source: CCN
Type: Microsoft Security Bulletin MS13-022
Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)

Source: CCN
Type: Microsoft Security Bulletin MS13-043
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)

Source: CCN
Type: Microsoft Security Bulletin MS13-054
Vulnerability in Windows Components Could Allow Remote Code Execution (2848295)

Source: CCN
Type: Microsoft Security Bulletin MS13-072
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)

Source: CCN
Type: Microsoft Security Bulletin MS13-074
Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)

Source: CCN
Type: Microsoft Security Bulletin MS13-085
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)

Source: CCN
Type: Microsoft Security Bulletin MS13-086
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)

Source: CCN
Type: Microsoft Security Bulletin MS14-001
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

Source: CCN
Type: Microsoft Security Bulletin MS14-017
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)

Source: CCN
Type: Microsoft Security Bulletin MS14-034
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)

Source: CCN
Type: Microsoft Security Bulletin MS14-038
Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)

Source: CCN
Type: Microsoft Security Bulletin MS14-044
Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)

Source: CCN
Type: Microsoft Security Bulletin MS14-048
Vulnerability in OneNote Could Allow Remote Code Execution (2977201)

Source: CCN
Type: Microsoft Security Bulletin MS14-061
Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)

Source: CCN
Type: Microsoft Security Bulletin MS14-069
Vulnerability in Microsoft Office Could Allow Remote Code Execution (3009710)

Source: CCN
Type: Microsoft Security Bulletin MS14-081
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301)

Source: CCN
Type: Microsoft Security Bulletin MS14-083
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)

Source: CCN
Type: Microsoft Security Bulletin MS15-081
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)

Source: CCN
Type: Microsoft Security Bulletin MS15-099
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)

Source: CCN
Type: Microsoft Security Bulletin MS15-110
Security Updates for Microsoft Office (3096440)

Source: CCN
Type: Microsoft Security Bulletin MS15-116
Security Updates for Microsoft Office to Address Remote Code Execution (3104540)

Source: CCN
Type: Microsoft Security Bulletin MS15-131
Security Update for Microsoft Office to Address Remote Code Execution (3116111)

Source: CCN
Type: Microsoft Security Bulletin MS16-004
Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585)

Source: CCN
Type: Microsoft Security Bulletin MS16-015
Security Update for Microsoft Office to Address Remote Code Execution (3134226)

Source: CCN
Type: Microsoft Security Bulletin MS16-029
Security Update for Microsoft Office to Address Remote Code Execution (3141806)

Source: CCN
Type: Microsoft Security Bulletin MS16-042
Security Update for Microsoft Office (3148775)

Source: CCN
Type: Microsoft Security Bulletin MS16-054
Security Update for Microsoft Office (3155544)

Source: CCN
Type: Microsoft Security Bulletin MS16-070
Security Update for Office (3163610)

Source: CCN
Type: Microsoft Security Bulletin MS16-088
Security Updates for Office (3170008)

Source: CCN
Type: Microsoft Security Bulletin MS16-099
Security Update for Office (3177451)

Source: CCN
Type: Microsoft Security Bulletin MS16-107
Security Update for Microsoft Office (3185852)

Source: CCN
Type: Microsoft Security Bulletin MS16-121
Security Update for Microsoft Office (3194063)

Source: CCN
Type: Microsoft Security Bulletin MS16-133
Security Update for Microsoft Office (3199168)

Source: CCN
Type: Microsoft Security Bulletin MS16-148
Security Update for Microsoft Office (3204068)

Source: CCN
Type: Microsoft Security Bulletin MS17-002
Security Update for Microsoft Office (3214291)

Source: CCN
Type: Microsoft Security Bulletin MS17-013
Security Update for Microsoft Graphics Component (4013075)

Source: CCN
Type: Microsoft Security Bulletin MS17-014
Security Update for Microsoft Office (4013241)

Source: CCN
Type: CIAC Technical Bulletin CIACTech02-005
Understanding Capturing Files with Microsoft Word Field Codes

Source: XF
Type: Broken Link
word-includetext-read-files(10008)

Source: XF
Type: Broken Link
word-includepicture-read-files(10155)

Source: CCN
Type: US-CERT VU#899713
Microsoft Word and Excel documents allow local file reading by via embedded fields

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#899713

Source: CCN
Type: Microsoft Security Bulletin MS02-059
Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure (Q330008)

Source: CCN
Type: Microsoft Security Bulletin MS03-050
Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)

Source: CCN
Type: Microsoft Security Bulletin MS04-033
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836)

Source: CCN
Type: Microsoft Security Bulletin MS05-023
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)

Source: CCN
Type: Microsoft Security Bulletin MS05-035
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)

Source: CCN
Type: Microsoft Security Bulletin MS06-012
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)

Source: CCN
Type: Microsoft Security Bulletin MS06-027
Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)

Source: CCN
Type: Microsoft Security Bulletin MS06-037
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)

Source: CCN
Type: Microsoft Security Bulletin MS06-059
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)

Source: CCN
Type: Microsoft Security Bulletin MS06-060
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)

Source: CCN
Type: Microsoft Security Bulletin MS07-002
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

Source: CCN
Type: Microsoft Security Bulletin MS07-014
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)

Source: CCN
Type: Microsoft Security Bulletin MS07-023
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)

Source: CCN
Type: Microsoft Security Bulletin MS07-024
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

Source: CCN
Type: Microsoft Security Bulletin MS07-036
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)

Source: CCN
Type: Microsoft Security Bulletin MS07-044
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)

Source: CCN
Type: Microsoft Security Bulletin MS07-060
Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)

Source: CCN
Type: Microsoft Security Bulletin MS08-009
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)

Source: CCN
Type: Microsoft Security Bulletin MS08-013
Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)

Source: CCN
Type: Microsoft Security Bulletin MS08-014
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

Source: CCN
Type: Microsoft Security Bulletin MS08-016
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

Source: CCN
Type: Microsoft Security Bulletin MS08-026
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)

Source: CCN
Type: Microsoft Security Bulletin MS08-042
Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)

Source: CCN
Type: Microsoft Security Bulletin MS08-043
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)

Source: CCN
Type: Microsoft Security Bulletin MS08-051
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)

Source: CCN
Type: Microsoft Security Bulletin MS08-052
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)

Source: CCN
Type: Microsoft Security Bulletin MS08-055
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (955047)

Source: CCN
Type: Microsoft Security Bulletin MS08-057
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

Source: CCN
Type: Microsoft Security Bulletin MS09-004
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)

Source: CCN
Type: Microsoft Security Bulletin MS09-017
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)

Source: CCN
Type: Microsoft Security Bulletin MS09-021
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)

Source: CCN
Type: Microsoft Security Bulletin MS09-062
Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

Source: CCN
Type: Microsoft Security Bulletin MS09-067
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

Source: CCN
Type: Microsoft Security Bulletin MS10-003
Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)

Source: CCN
Type: Microsoft Security Bulletin MS10-004
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)

Source: CCN
Type: Microsoft Security Bulletin MS10-017
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)

Source: CCN
Type: Microsoft Security Bulletin MS10-028
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)

Source: CCN
Type: Microsoft Security Bulletin MS10-031
Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)

Source: CCN
Type: Microsoft Security Bulletin MS10-036
Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235)

Source: CCN
Type: Microsoft Security Bulletin MS10-038
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)

Source: CCN
Type: Microsoft Security Bulletin MS10-056
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)

Source: CCN
Type: Microsoft Security Bulletin MS10-057
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)

Source: CCN
Type: Microsoft Security Bulletin MS10-079
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)

Source: CCN
Type: Microsoft Security Bulletin MS10-087
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

Source: CCN
Type: Microsoft Security Bulletin MS10-105
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)

Source: CCN
Type: Microsoft Security Bulletin MS11-008
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)

Source: CCN
Type: Microsoft Security Bulletin MS11-021
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)

Source: CCN
Type: Microsoft Security Bulletin MS11-023
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)

Source: CCN
Type: Microsoft Security Bulletin MS11-029
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)

Source: CCN
Type: Microsoft Security Bulletin MS11-045
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)

Source: CCN
Type: Microsoft Security Bulletin MS11-049
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)

Source: CCN
Type: Microsoft Security Bulletin MS11-060
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)

Source: CCN
Type: Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp

Source: BID
Type: Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
5586

Source: CCN
Type: BID-5586
Microsoft Word / Excel INCLUDETEXT Document Sharing File Disclosure Vulnerability

Source: BID
Type: Third Party Advisory, VDB Entry
5764

Source: CCN
Type: BID-5764
Microsoft Word INCLUDEPICTURE Document Sharing File Disclosure Vulnerability

Source: MS
Type: UNKNOWN
MS02-059

Source: XF
Type: UNKNOWN
word-includetext-read-files(10008)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:202

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:excel:2002:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:excel:2002:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:excel:2002:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:*:*:*:*:*:mac_os_x:*:*
  • OR cpe:/a:microsoft:word:97:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:97:sr1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:97:sr2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:98:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:98:*:*:*:*:mac_os_x:*:*
  • OR cpe:/a:microsoft:word:98:*:*:ja:*:*:*:*
  • OR cpe:/a:microsoft:word:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2000:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2000:sr1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2000:sr1a:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2001:*:*:*:*:mac_os_x:*:*
  • OR cpe:/a:microsoft:word:2002:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2002:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2002:sp2:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:word:97:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:98:*:*:ja:*:*:*:*
  • OR cpe:/a:microsoft:word:98:sr1:mac_os:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2002:*:*:*:*:*:*:*
  • AND
  • cpe:/a:microsoft:excel:2000:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2002-1143 (CCN-10155)

    Assigned:2002-09-19
    Published:2002-09-19
    Updated:2002-09-19
    Summary:Microsoft Word could allow a remote attacker to use a hidden INCLUDEPICTURE field within a shared document to read files from a victim's computer. If a remote attacker embeds a hidden INCLUDEPICTURE field within a Microsoft Word document that includes a URL and references a known file on a victim's system, the attacker could obtain the targeted file along with the edited document when the victim returns the document to the attacker after updating all the fields. If the attacker could cause the INCLUDEPICTURE field to update automatically when the shared document is opened, the attacker could then cause a message to be sent that would contain the path to the shared document and the contents of another referenced file on the victim's computer.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
    Vulnerability Consequences:Obtain Information
    References:Source: CCN
    Type: BugTraq Mailing List, Thu Sep 19 2002 - 16:57:01 CDT
    More vulnerabilities (Re: Security side-effects of Word fields)

    Source: MITRE
    Type: CNA
    CVE-2002-1143

    Source: CCN
    Type: Microsoft Security Bulletin MS11-096
    Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)

    Source: CCN
    Type: Microsoft Security Bulletin MS12-028
    Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)

    Source: CCN
    Type: Microsoft Security Bulletin MS12-029
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

    Source: CCN
    Type: Microsoft Security Bulletin MS12-034
    Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

    Source: CCN
    Type: Microsoft Security Bulletin MS12-046
    Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)

    Source: CCN
    Type: Microsoft Security Bulletin MS12-057
    Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2731879)

    Source: CCN
    Type: Microsoft Security Bulletin MS12-064
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)

    Source: CCN
    Type: Microsoft Security Bulletin MS12-065
    Vulnerability in Microsoft Works Could Allow Remote Code Execution (KB2754670)

    Source: CCN
    Type: Microsoft Security Bulletin MS12-070
    Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)

    Source: CCN
    Type: Microsoft Security Bulletin MS12-079
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)

    Source: CCN
    Type: Microsoft Security Bulletin MS13-022
    Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)

    Source: CCN
    Type: Microsoft Security Bulletin MS13-043
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)

    Source: CCN
    Type: Microsoft Security Bulletin MS13-054
    Vulnerability in Windows Components Could Allow Remote Code Execution (2848295)

    Source: CCN
    Type: Microsoft Security Bulletin MS13-072
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)

    Source: CCN
    Type: Microsoft Security Bulletin MS13-074
    Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)

    Source: CCN
    Type: Microsoft Security Bulletin MS13-085
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)

    Source: CCN
    Type: Microsoft Security Bulletin MS13-086
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)

    Source: CCN
    Type: Microsoft Security Bulletin MS14-001
    Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

    Source: CCN
    Type: Microsoft Security Bulletin MS14-017
    Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)

    Source: CCN
    Type: Microsoft Security Bulletin MS14-034
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)

    Source: CCN
    Type: Microsoft Security Bulletin MS14-038
    Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)

    Source: CCN
    Type: Microsoft Security Bulletin MS14-044
    Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)

    Source: CCN
    Type: Microsoft Security Bulletin MS14-048
    Vulnerability in OneNote Could Allow Remote Code Execution (2977201)

    Source: CCN
    Type: Microsoft Security Bulletin MS14-061
    Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)

    Source: CCN
    Type: Microsoft Security Bulletin MS14-069
    Vulnerability in Microsoft Office Could Allow Remote Code Execution (3009710)

    Source: CCN
    Type: Microsoft Security Bulletin MS14-081
    Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301)

    Source: CCN
    Type: Microsoft Security Bulletin MS14-083
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)

    Source: CCN
    Type: Microsoft Security Bulletin MS15-081
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)

    Source: CCN
    Type: Microsoft Security Bulletin MS15-099
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)

    Source: CCN
    Type: Microsoft Security Bulletin MS15-110
    Security Updates for Microsoft Office (3096440)

    Source: CCN
    Type: Microsoft Security Bulletin MS15-116
    Security Updates for Microsoft Office to Address Remote Code Execution (3104540)

    Source: CCN
    Type: Microsoft Security Bulletin MS15-131
    Security Update for Microsoft Office to Address Remote Code Execution (3116111)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-004
    Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-015
    Security Update for Microsoft Office to Address Remote Code Execution (3134226)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-029
    Security Update for Microsoft Office to Address Remote Code Execution (3141806)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-042
    Security Update for Microsoft Office (3148775)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-054
    Security Update for Microsoft Office (3155544)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-070
    Security Update for Office (3163610)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-088
    Security Updates for Office (3170008)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-099
    Security Update for Office (3177451)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-107
    Security Update for Microsoft Office (3185852)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-121
    Security Update for Microsoft Office (3194063)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-133
    Security Update for Microsoft Office (3199168)

    Source: CCN
    Type: Microsoft Security Bulletin MS16-148
    Security Update for Microsoft Office (3204068)

    Source: CCN
    Type: Microsoft Security Bulletin MS17-002
    Security Update for Microsoft Office (3214291)

    Source: CCN
    Type: Microsoft Security Bulletin MS17-013
    Security Update for Microsoft Graphics Component (4013075)

    Source: CCN
    Type: Microsoft Security Bulletin MS17-014
    Security Update for Microsoft Office (4013241)

    Source: CCN
    Type: CIAC Technical Bulletin CIACTech02-005
    Understanding Capturing Files with Microsoft Word Field Codes

    Source: CCN
    Type: US-CERT VU#899713
    Microsoft Word and Excel documents allow local file reading by via embedded fields

    Source: CCN
    Type: Microsoft Security Bulletin MS02-059
    Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure (Q330008)

    Source: CCN
    Type: Microsoft Security Bulletin MS03-050
    Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)

    Source: CCN
    Type: Microsoft Security Bulletin MS04-033
    Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836)

    Source: CCN
    Type: Microsoft Security Bulletin MS05-023
    Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)

    Source: CCN
    Type: Microsoft Security Bulletin MS05-035
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)

    Source: CCN
    Type: Microsoft Security Bulletin MS06-012
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)

    Source: CCN
    Type: Microsoft Security Bulletin MS06-027
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)

    Source: CCN
    Type: Microsoft Security Bulletin MS06-037
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)

    Source: CCN
    Type: Microsoft Security Bulletin MS06-059
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)

    Source: CCN
    Type: Microsoft Security Bulletin MS06-060
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)

    Source: CCN
    Type: Microsoft Security Bulletin MS07-002
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

    Source: CCN
    Type: Microsoft Security Bulletin MS07-014
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)

    Source: CCN
    Type: Microsoft Security Bulletin MS07-023
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)

    Source: CCN
    Type: Microsoft Security Bulletin MS07-024
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

    Source: CCN
    Type: Microsoft Security Bulletin MS07-036
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)

    Source: CCN
    Type: Microsoft Security Bulletin MS07-044
    Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)

    Source: CCN
    Type: Microsoft Security Bulletin MS07-060
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-009
    Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-013
    Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-014
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-016
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-026
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-042
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-043
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-051
    Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-052
    Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-055
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (955047)

    Source: CCN
    Type: Microsoft Security Bulletin MS08-057
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

    Source: CCN
    Type: Microsoft Security Bulletin MS09-004
    Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)

    Source: CCN
    Type: Microsoft Security Bulletin MS09-017
    Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)

    Source: CCN
    Type: Microsoft Security Bulletin MS09-021
    Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)

    Source: CCN
    Type: Microsoft Security Bulletin MS09-062
    Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

    Source: CCN
    Type: Microsoft Security Bulletin MS09-067
    Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-003
    Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-004
    Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-017
    Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-028
    Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-031
    Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-036
    Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-038
    Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-056
    Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-057
    Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-079
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-087
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

    Source: CCN
    Type: Microsoft Security Bulletin MS10-105
    Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)

    Source: CCN
    Type: Microsoft Security Bulletin MS11-008
    Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)

    Source: CCN
    Type: Microsoft Security Bulletin MS11-021
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)

    Source: CCN
    Type: Microsoft Security Bulletin MS11-023
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)

    Source: CCN
    Type: Microsoft Security Bulletin MS11-029
    Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)

    Source: CCN
    Type: Microsoft Security Bulletin MS11-045
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)

    Source: CCN
    Type: Microsoft Security Bulletin MS11-049
    Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)

    Source: CCN
    Type: Microsoft Security Bulletin MS11-060
    Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)

    Source: CCN
    Type: Microsoft Security Bulletin MS11-072
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

    Source: CCN
    Type: BID-5586
    Microsoft Word / Excel INCLUDETEXT Document Sharing File Disclosure Vulnerability

    Source: CCN
    Type: BID-5764
    Microsoft Word INCLUDEPICTURE Document Sharing File Disclosure Vulnerability

    Source: XF
    Type: UNKNOWN
    word-includepicture-read-files(10155)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:microsoft:word:97:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:98:*:*:ja:*:*:*:*
  • OR cpe:/a:microsoft:word:98:sr1:mac_os:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2002:*:*:*:*:*:*:*
  • AND
  • cpe:/a:microsoft:excel:2000:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:org.mitre.oval:def:202
    Class: V
    Title: Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure
    Last Modified: 2012-05-28
    microsoft excel 2002
    microsoft excel 2002 sp1
    microsoft excel 2002 sp2
    microsoft word *
    microsoft word 97
    microsoft word 97 sr1
    microsoft word 97 sr2
    microsoft word 98
    microsoft word 98
    microsoft word 98
    microsoft word 2000
    microsoft word 2000 sp2
    microsoft word 2000 sr1
    microsoft word 2000 sr1a
    microsoft word 2001
    microsoft word 2002
    microsoft word 2002 sp1
    microsoft word 2002 sp2
    microsoft word 97
    microsoft word 2000
    microsoft word 98
    microsoft word 98 sr1
    microsoft word 2002
    microsoft excel 2000
    microsoft word 97
    microsoft word 2000
    microsoft word 98
    microsoft word 98 sr1
    microsoft word 2002
    microsoft excel 2000