Remote Code Execution Vulnerability in Microsoft Office Web Components
CVE-2002-0861

Currently unrated

Key Information:

Vendor: Microsoft
Status: Project; Office Web Components
Vendor: CVE Published:; 24 September 2002

Summary

Microsoft Office Web Components (OWC) versions 2000 and 2002 present a security flaw that allows remote attackers to circumvent the 'Allow paste operations via script' setting, even when this feature is disabled. By leveraging the Copy method of the Cell object or the Paste method of the Range object, attackers can gain unauthorized access to the clipboard and potentially execute harmful scripts. This vulnerability poses significant risks for users who utilize OWC within applications, especially in scenarios involving web content and dynamic interfaces.

References

http://www.iss.net/security_center/static/8779.php

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=101829726516346&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/4457

vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 24, 2002
Vulnerability Reserved
Aug 15, 2002