CVE-2002-1143

Description

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure.

Risk Information

Base Score

6.6

MODERATE

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS Score

Exploitation Probability

32.477

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234