CVE-2000-0419

Current Description

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

Basic Data

PublishedMay 11, 2000
Last ModifiedOctober 12, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegetrue
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMicrosoftAccess2000*******
    2.3ApplicationMicrosoftExcel2000*******
    2.3ApplicationMicrosoftFrontpage2000*******
    2.3ApplicationMicrosoftOffice2000*******
    2.3ApplicationMicrosoftOutlook2000*******
    2.3ApplicationMicrosoftPhotodraw 20001.0*******
    2.3ApplicationMicrosoftPowerpoint2000*******
    2.3ApplicationMicrosoftProject2000*******
    2.3ApplicationMicrosoftWord2000*******
    2.3ApplicationMicrosoftWorks2000*******

Vulnerable Software List

VendorProductVersions
Microsoft Office 2000
Microsoft Word 2000
Microsoft Frontpage 2000
Microsoft Outlook 2000
Microsoft Project 2000
Microsoft Access 2000
Microsoft Powerpoint 2000
Microsoft Excel 2000
Microsoft Photodraw 2000 1.0
Microsoft Works 2000

References

NameSourceURLTags
CA-2000-07http://www.cert.org/advisories/CA-2000-07.htmlCERTUS Government Resource
Q262767http://www.microsoft.com/technet/support/kb.asp?ID=262767MSKB
1197http://www.securityfocus.com/bid/1197BID
MS00-034https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-034MS