Remote File Access Vulnerability in Microsoft Office Web Components
CVE-2002-0860

Currently unrated

Key Information:

Vendor: Microsoft
Status: Project; Office Web Components
Vendor: CVE Published:; 24 September 2002

Summary

The LoadText method in the spreadsheet component of Microsoft Office Web Components (OWC) 2000 and 2002 creates a potential security risk, allowing remote attackers to exploit Internet Explorer to access arbitrary files. By utilizing a URL that redirects to the targeted file, malicious entities could bypass local file access restrictions, thereby compromising sensitive information. Organizations using these affected versions should review their security practices and consider upgrading to newer, more secure alternatives.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.iss.net/security_center/static/8778.php

vdb-entryx_refsource_XF

http://www.osvdb.org/3007

vdb-entryx_refsource_OSVDB

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 24, 2002
Vulnerability Reserved
Aug 15, 2002