Reported October 17, 2002, by Microsoft.
Microsoft Word 2002
Microsoft Word 2000
Microsoft Word 98(J)
Microsoft Word 97
Microsoft Excel 2002
Microsoft Word 2001 for Macintosh
Microsoft Word 98 for Macintosh
Microsoft Word X for Macintosh
An information disclosure vulnerability exists in Word and Excel that lets an attacker create a document that, when opened, updates itself to include the contents of any file from the vulnerable computer.
The vendor, Microsoft, has released Security Bulletin MS02-059 (Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.
Discovered by Microsoft.