CVE-2002-1339

3 documents3 sources

Severity

5.0MEDIUM

EPSS

29.0%

top 3.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office WEB Components

Timeline

PublishedDec 18

Latest updateApr 30

Description

The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/office_web_components2002

Patches

Patch: security.greymagic.com ↗Patch: security.greymagic.com ↗

🔴Vulnerability Details

GHSA

GHSA-3vxf-84gf-58q9: The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine↗2022-04-30

▶

CVEList

CVE-2002-1339: The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine↗2002-12-11

▶