Exploitation Summary
EIP tracks 2 public exploits for CVE-2002-1143. PoCs published by Richard Edwards, Alex Gantman.
AI-analyzed exploit summary This exploit leverages the INCLUDEPICTURE Field Code in Microsoft Word to exfiltrate local file contents or user information by embedding malicious URLs in a document. The vulnerability allows an attacker to craft a document that, when processed, sends sensitive data to a remote server.
Description
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
Exploits (2)
This exploit leverages the INCLUDEPICTURE Field Code in Microsoft Word to exfiltrate local file contents or user information by embedding malicious URLs in a document. The vulnerability allows an attacker to craft a document that, when processed, sends sensitive data to a remote server.
This is a writeup describing the abuse of the INCLUDETEXT Field Code in Microsoft Word and Excel to exfiltrate local files. It provides a field structure example to steal file contents but does not include executable exploit code.