Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2002-0727 | First vendor Publication | 2002-09-24 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0727 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3006 | Microsoft IE OWC Script Execution Microsoft Office Web Components (OWC) contain a flaw that allows a remote attacker to execute arbitrary scripts when called via Internet Explorer. The flaw is due to components that are marked as "safe" for scripting which allow arbitrary commands to be executed via the "setTimeout" function. An attacker who created a malicious HTML document could use this function along with ""=HOST()" to change the Document Object Model (DOM) and execute the arbitrary script. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Data Source Control 10.0 ActiveX clsid unicode access RuleID : 7877 - Revision : 10 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Office Data Source Control 10.0 ActiveX clsid access RuleID : 7876 - Revision : 18 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Office PivotTable 10.0 ActiveX CLSID unicode access RuleID : 7875 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Office PivotTable 10.0 ActiveX clsid access RuleID : 7874 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX clsid unicode access RuleID : 7873 - Revision : 9 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX clsid access RuleID : 7872 - Revision : 17 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Office 2000 and 2002 Web Components Record Navigation Control Activ... RuleID : 4178 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt RuleID : 4177 - Revision : 20 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Office 2000 and 2002 Web Components Chart ActiveX object access RuleID : 4176 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Office 2000/2002 Web Components PivotTable ActiveX object access RuleID : 4175 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Office 2000 and 2002 Web Components Data Source Control ActiveX cls... RuleID : 4170 - Revision : 19 - Type : BROWSER-PLUGINS |
2015-01-06 | Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt RuleID : 32642 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-11-16 | Microsoft Office Spreadsheet 10.0 ActiveX clsid access RuleID : 31759 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-11-16 | Microsoft Office Spreadsheet 10.0 ActiveX function call access RuleID : 31758 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX function call unicode access RuleID : 15856 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX function call access RuleID : 15855 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Office 2000 and 2002 Web Components Data Source Control ActiveX clsid unicode... RuleID : 14630 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Office 2000 and 2002 Web Components PivotTable ActiveX clsid unicode access RuleID : 14629 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Office 2000 and 2002 Web Components Chart ActiveX clsid unicode access RuleID : 14628 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Office 2000 and 2002 Web Components Data Source Control ActiveX clsid unicode... RuleID : 13468 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Office 2000 and 2002 Web Components Spreadsheet ActiveX clsid unicode access RuleID : 13467 - Revision : 5 - Type : WEB-ACTIVEX |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:01:42 |
|
2021-04-22 01:01:50 |
|
2020-05-23 00:15:01 |
|
2018-10-13 00:22:25 |
|
2016-10-18 12:01:02 |
|
2016-06-28 14:59:16 |
|
2014-11-16 21:24:17 |
|
2014-01-19 21:21:43 |
|
2013-05-11 12:10:22 |
|