CVE-2001-0718

Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.cert.org/advisories/CA-2001-28.html	Patch Third Party Advisory US Government Resource
http://online.securityfocus.com/archive/1/218802
http://www.kb.cert.org/vuls/id/287067	US Government Resource
http://www.securityfocus.com/bid/3402
https://exchange.xforce.ibmcloud.com/vulnerabilities/7223
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-050

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:excel::::::::
	cpe:2.3:a:microsoft:powerpoint::::::::

Information

Published : 2001-10-29 21:00

Updated : 2018-10-12 14:30

NVD link : CVE-2001-0718

Mitre link : CVE-2001-0718

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

powerpoint
excel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cert.org/advisories/CA-2001-28.html", "name": "CA-2001-28", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "http://online.securityfocus.com/archive/1/218802", "name": "20011005 Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro security features", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.kb.cert.org/vuls/id/287067", "name": "VU#287067", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/3402", "name": "3402", "tags": [], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7223", "name": "ms-malformed-document-macro(7223)", "tags": [], "refsource": "XF"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-050", "name": "MS01-050", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0718", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2001-10-30T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2002"}, {"cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2002"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:30Z"}

7.5 /10