Vulnerability CVE-2000-0419


Published: 2000-05-11   Modified: 2012-02-12

Description:
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Microsoft -> Access 
Microsoft -> Excel 
Microsoft -> Frontpage 
Microsoft -> Office 
Microsoft -> Outlook 
Microsoft -> Photodraw 2000 
Microsoft -> Powerpoint 
Microsoft -> Project 
Microsoft -> WORD 
Microsoft -> Works 

 References:
http://www.cert.org/advisories/CA-2000-07.html
http://www.microsoft.com/technet/support/kb.asp?ID=262767
http://www.securityfocus.com/bid/1197
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-034

Copyright 2021, cxsecurity.com

 

Back to Top