Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0788

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2000-0788
Last Modified 05 Sep 2008 04:21:53
Published 20 Oct 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0788

Summary

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.

Vulnerable Systems

Application

  • Microsoft Access 2000

  • Microsoft Word 2000


References

BUGTRAQ - 20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook

BID - 1566

XF - word-mail-merge(5322)

MS - MS00-071


Last Updated: 27 May 2016 10:35:52