CVE-2000-0419

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.microsoft.com/technet/support/kb.asp?ID=262767
http://www.cert.org/advisories/CA-2000-07.html	US Government Resource
http://www.securityfocus.com/bid/1197
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-034

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:photodraw_2000:1.0:::::::*
	cpe:2.3:a:microsoft:powerpoint:2000:::::::*
	cpe:2.3:a:microsoft:project:2000:::::::*
	cpe:2.3:a:microsoft:access:2000:::::::*
	cpe:2.3:a:microsoft:word:2000:::::::*
	cpe:2.3:a:microsoft:works:2000:::::::*
	cpe:2.3:a:microsoft:office:2000:::::::*
	cpe:2.3:a:microsoft:outlook:2000:::::::*
	cpe:2.3:a:microsoft:excel:2000:::::::*
	cpe:2.3:a:microsoft:frontpage:2000:::::::*

Information

Published : 2000-05-10 21:00

Updated : 2018-10-12 14:29

NVD link : CVE-2000-0419

Mitre link : CVE-2000-0419

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

photodraw_2000
project
powerpoint
works
access
frontpage
excel
office
word
outlook

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.microsoft.com/technet/support/kb.asp?ID=262767", "name": "Q262767", "tags": [], "refsource": "MSKB"}, {"url": "http://www.cert.org/advisories/CA-2000-07.html", "name": "CA-2000-07", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://www.securityfocus.com/bid/1197", "name": "1197", "tags": [], "refsource": "BID"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-034", "name": "MS00-034", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Office 2000 UA ActiveX Control is marked as \"safe for scripting,\" which allows remote attackers to conduct unauthorized activities via the \"Show Me\" function in Office Help, aka the \"Office 2000 UA Control\" vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2000-0419", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2000-05-11T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:photodraw_2000:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:project:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:works:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:29Z"}