Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1143Sensitive Information Exposure in Microsoft Excel

6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
32.5%
top 3.14%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft ExcelMicrosoft Word
Timeline
PublishedApr 11
Latest updateApr 30

Description

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/word5 versions+4
NVDmicrosoft/excel2002

Patches

Patch: www.microsoft.comPatch: www.securityfocus.comPatch: www.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-5jm3-4wj9-623c: Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document i2022-04-30
CVEList
CVE-2002-1143: Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document i2003-04-03

💥Exploits & PoCs

2
Exploit-DB
Microsoft Word 95/97/98/2000/2002 - 'INCLUDEPICTURE' Document Sharing File Disclosure2002-09-20
Exploit-DB
Microsoft Word 95/97/98/2000/2002 / Excel 2002 - INCLUDETEXT Document Sharing File Disclosure2002-08-26

🕵️Threat Intelligence

1
Securelist
An (un)documented Word feature abused by attackers2017-09-18
CVE-2002-1143 — Sensitive Information Exposure | cvebase