CVE-2002-1338

3 documents3 sources

Severity

5.0MEDIUM

EPSS

18.4%

top 4.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office WEB Components

Timeline

PublishedDec 18

Latest updateApr 30

Description

The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/office_web_components2002

Patches

Patch: security.greymagic.com ↗Patch: security.greymagic.com ↗

🔴Vulnerability Details

GHSA

GHSA-hg8q-5v88-c2fr: The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allo↗2022-04-30

▶

CVEList

CVE-2002-1338: The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allo↗2002-12-11

▶