CVE-2000-0596

Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg	Exploit Patch Vendor Advisory
http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu
http://www.cert.org/advisories/CA-2000-16.html	US Government Resource
http://www.securityfocus.com/bid/1398
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer:5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2::::::

Information

Published : 2000-06-26 21:00

Updated : 2021-07-22 07:01

NVD link : CVE-2000-0596

Mitre link : CVE-2000-0596

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

internet_explorer

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg", "name": "20000627 IE 5 and Access 2000 vulnerability - executing programs", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu", "name": "20000627 FW: IE 5 and Access 2000 vulnerability - executing programs", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.cert.org/advisories/CA-2000-16.html", "name": "CA-2000-16", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://www.securityfocus.com/bid/1398", "name": "1398", "tags": [], "refsource": "BID"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049", "name": "MS00-049", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the \"IE Script\" vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2000-0596", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2000-06-27T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-22T14:01Z"}