Scripting Vulnerability in Microsoft Office Web Components 2000 and 2002
CVE-2002-0727

Currently unrated

Key Information:

Vendor: Microsoft
Status: Project; Office Web Components
Vendor: CVE Published:; 24 September 2002

Summary

The Host function within Microsoft Office Web Components (OWC) versions 2000 and 2002 has a vulnerability that allows remote attackers to execute arbitrary commands through the setTimeout method. This exposure occurs in components designated as safe for scripting, leading to potential unauthorized actions on affected systems. Organizations using these versions should assess their exposure and apply security updates to mitigate risks.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.osvdb.org/3006

vdb-entryx_refsource_OSVDB

http://www.iss.net/security_center/static/8777.php

vdb-entryx_refsource_XF

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 24, 2002
Vulnerability Reserved
Jul 22, 2002