CVE-2000-0854
HIGH severity · CVSS 10
10CVSS HIGH
Summary
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)37%
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://www.securityfocus.com/bid/1699 ↗
Additional information
- NVD record
- http://www.securityfocus.com/bid/1699Patch
- http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.htmlAdvisory
- http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
- http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5263