ID CVE-2002-1340
Summary The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office_web_components:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_web_components:2002:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2016 - 02:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bugtraq 20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)
misc http://security.greymagic.com/adv/gm008-ie/
Last major update 18-10-2016 - 02:26
Published 18-12-2002 - 05:00
Last modified 18-10-2016 - 02:26
Back to Top