CVE-2002-1143

medium

Microsoft

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Score

32.5%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

None

Availability

None

Published: April 11, 2003 (8434 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

CWE

NVD-CWE-Other

Affected Products

microsoft excelmicrosoft word

References

🔗 marc.info 🔗 marc.info 🔗 www.iss.net 🔗 www.iss.net 🔗 www.kb.cert.org

CVE-2002-1143

Vulnerability Report

Description

CWE

Affected Products

References