CVE-1999-0354 - Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the

CVE-1999-0354

Summary

Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-002

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 22-07-2021 - 14:02)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

ntbugtraq

Jan27,1999

Last major update

22-07-2021 - 14:02

Published

01-11-1999 - 05:00

Last modified

22-07-2021 - 14:02