ID CVE-2000-0419
Summary The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:photodraw_2000:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:photodraw_2000:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:project:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2000:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 1197
cert CA-2000-07
mskb Q262767
xf office-ua-control
Last major update 12-10-2018 - 21:29
Published 11-05-2000 - 04:00
Last modified 12-10-2018 - 21:29
Back to Top