| Vulnerability Name: | CVE-2000-0419 (CCN-4445) | ||||||||
| Assigned: | 2000-05-11 | ||||||||
| Published: | 2000-05-11 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2000-0419 Source: CCN Type: CERT Advisory CA-2000-07 Microsoft Office 2000 UA ActiveX Control Incorrectly Marked "Safe for Scripting" Source: CERT Type: US Government Resource CA-2000-07 Source: CCN Type: CIAC Information Bulletin K-042 Microsoft "Office 2000 UA Control" Vulnerability Source: CCN Type: US-CERT VU#35626 Office 2000 UA Control incorrectly marked safe for scripting Source: CCN Type: Microsoft Security Bulletin MS00-034 Patch Available for "Office 2000 UA Control" Vulnerability Source: MSKB Type: UNKNOWN Q262767 Source: CCN Type: OSVDB ID: 1328 Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution Source: BID Type: UNKNOWN 1197 Source: CCN Type: BID-1197 Microsoft Office 2000 UA Control Vulnerability Source: CCN Type: @stake, Inc./L0pht Security Advisory 05/12/00 Microsoft Office 2000 UA Control Scripting Source: MS Type: UNKNOWN MS00-034 Source: XF Type: UNKNOWN office-ua-control(4445) Source: CCN Type: Microsoft Knowledge Base Article 262767 Malformed Component Attribute Issue in Internet Explorer | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||