CVE-2002-1340

3 documents3 sources

Severity

5.0MEDIUM

EPSS

29.0%

top 3.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office WEB Components

Timeline

PublishedDec 18

Latest updateApr 30

Description

The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/office_web_components2002

Patches

Patch: security.greymagic.com ↗Patch: security.greymagic.com ↗

🔴Vulnerability Details

GHSA

GHSA-p2xh-ccf8-ggqg: The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence↗2022-04-30

▶

CVEList

CVE-2002-1340: The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence↗2002-12-11

▶