Reported October 17, 2002, by Microsoft.

VERSIONS AFFECTED

 

  • Microsoft Word 2002

  • Microsoft Word 2000

  • Microsoft Word 98(J)

  • Microsoft Word 97

  • Microsoft Excel 2002

  • Microsoft Word 2001 for Macintosh

  • Microsoft Word 98 for Macintosh

  • Microsoft Word X for Macintosh

 

DESCRIPTION

 

An information disclosure vulnerability exists in Word and Excel that lets an attacker create a document that, when opened, updates itself to include the contents of any file from the vulnerable computer.

 

VENDOR RESPONSE

 

The vendor, Microsoft, has released Security Bulletin MS02-059 (Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Microsoft.