CVE-2000-0854

Current Description

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.

Basic Data

PublishedNovember 14, 2000
Last ModifiedOctober 10, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMicrosoftOffice2000*******

Vulnerable Software List

VendorProductVersions
Microsoft Office 2000

References

NameSourceURLTags
20000922 Eudora + riched20.dll affects WinZip v8.0 as wellhttp://archives.neohapsis.com/archives/bugtraq/2000-09/0277.htmlBUGTRAQ
20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.htmlNTBUGTRAQ
20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some caseshttp://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.htmlWIN2KSECVendor Advisory
1699http://www.securityfocus.com/bid/1699BIDExploit Patch Vendor Advisory
office-dll-execution(5263)https://exchange.xforce.ibmcloud.com/vulnerabilities/5263XF