Vulnerability Description
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office Web Components | 2000 |
| Microsoft | Project | 2002 |
References
- http://marc.info/?l=bugtraq&m=101829645415486&w=2
- http://www.iss.net/security_center/static/8777.phpPatchVendor Advisory
- http://www.osvdb.org/3006
- http://www.securityfocus.com/bid/4449
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-04
- http://marc.info/?l=bugtraq&m=101829645415486&w=2
- http://www.iss.net/security_center/static/8777.phpPatchVendor Advisory
- http://www.osvdb.org/3006
- http://www.securityfocus.com/bid/4449
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-04
FAQ
What is CVE-2002-0727?
CVE-2002-0727 is a vulnerability with a CVSS score of 7.5 (HIGH). The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via...
How severe is CVE-2002-0727?
CVE-2002-0727 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0727?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office Web Components, Microsoft Project.