File Detection Vulnerability in Office Web Components by Microsoft
CVE-2002-1340

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Web Components
Vendor: CVE Published:; 18 December 2002

What is CVE-2002-1340?

The 'ConnectionFile' property within the DataSourceControl component of Office Web Components (OWC) 10 is vulnerable, enabling remote attackers to infer the existence of local files. This is achieved by provoking an exception when a requested file is not accessible, which can be exploited to gather information about the file structure on a user's system.

References

http://security.greymagic.com/adv/gm008-ie/

x_refsource_MISC

http://marc.info/?l=bugtraq&m=101830175621193&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

14% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2002
Vulnerability Reserved
Dec 3, 2002