Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0854

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2000-0854
Last Modified 05 Sep 2008 04:22:02
Published 14 Nov 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0854

Summary

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.

Vulnerable Systems

Application

  • Microsoft Office 2000


References

BID - 1699

WIN2KSEC - 20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases

XF - office-dll-execution(5263)

NTBUGTRAQ - 20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000

BUGTRAQ - 20000922 Eudora + riched20.dll affects WinZip v8.0 as well


Last Updated: 27 May 2016 10:35:54