The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
http://www.securityfocus.com/bid/4453