CVE-2002-0727
Summary
| CVE | CVE-2002-0727 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-09-24 04:00:00 UTC |
| Updated | 2018-10-12 21:31:00 UTC |
| Description | The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Office Web Components | 2000 | All | All | All |
| Application | Microsoft | Office Web Components | 2002 | All | All | All |
| Application | Microsoft | Office Web Components | 2000 | All | All | All |
| Application | Microsoft | Office Web Components | 2002 | All | All | All |
| Application | Microsoft | Project | 2002 | All | All | All |
| Application | Microsoft | Project | 2002 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ISS X-Force Database: owc-spreadsheet-host-script-execution (8777): Microsoft OWC Spreadsheet component "=HOST()" formula could be used to execute arbitrary script through Internet Explorer | XF | www.iss.net | Patch, Vendor Advisory |
| Microsoft Security Bulletin MS02-044 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| 3006 | OSVDB | www.osvdb.org | |
| 20020408 Scripting for the scriptless with OWC in IE (GM#005-IE) | BUGTRAQ | marc.info | |
| Microsoft Office Web Components Active Script Execution Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.