CVE-2002-0727

3 documents3 sources

Severity

7.5HIGH

EPSS

9.5%

top 7.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office WEB Components Microsoft Project

Timeline

PublishedSep 24

Latest updateApr 30

Description

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/office_web_components2000, 2002+1

▶NVDmicrosoft/project2002

Patches

Patch: www.iss.net ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-gx66-9wfp-gpfc: The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows↗2022-04-30

▶

CVEList

CVE-2002-0727: The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows↗2003-04-02

▶