Lucene search

MitreCVE-2002-0727

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0727

2003-04-0205:00:00

mitre

web.nvd.nist.gov

cve-2002-0727

microsoft office

web components

owc

remote attackers

arbitrary commands

settimeout method

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.009

Percentile

82.8%

JSON

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

Affected configurations

Nvd

Node

microsoftoffice_web_componentsMatch2000

microsoftoffice_web_componentsMatch2002

microsoftprojectMatch2002

VendorProductVersionCPE
microsoftoffice_web_components2000cpe:2.3:a:microsoft:office_web_components:2000:*:*:*:*:*:*:*
microsoftoffice_web_components2002cpe:2.3:a:microsoft:office_web_components:2002:*:*:*:*:*:*:*
microsoftproject2002cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office_web_components	2000	cpe:2.3:a:microsoft:office_web_components:2000:::::::*
microsoft	office_web_components	2002	cpe:2.3:a:microsoft:office_web_components:2002:::::::*
microsoft	project	2002	cpe:2.3:a:microsoft:project:2002:::::::*

References

marc.info/?l=bugtraq&m=101829645415486&w=2

www.iss.net/security_center/static/8777.php

www.osvdb.org/3006

www.securityfocus.com/bid/4449

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.009

Percentile

82.8%

JSON

Related for CVE-2002-0727