File Existence Disclosure in Office Web Components by Microsoft
CVE-2002-1338

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Web Components
Vendor: CVE Published:; 18 December 2002

Summary

The Load method in the Chart component of the Office Web Components (OWC) 9 and 10 is vulnerable to a issue where it generates an exception if a specified file does not exist. This behavior can be exploited by remote attackers, enabling them to ascertain the existence of local files on the user's system. By using this vulnerability, attackers can gather sensitive information that could lead to further attacks. It is crucial for users and administrators to apply appropriate mitigations to protect against this type of exposure.

References

http://security.greymagic.com/adv/gm008-ie/

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/8784

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/156123

third-party-advisoryx_refsource_CERT-VN

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 18, 2002
Vulnerability Reserved
Dec 3, 2002