| Vulnerability Name: | CVE-2000-0788 (CCN-5322) | ||||||||
| Assigned: | 2000-10-05 | ||||||||
| Published: | 2000-10-05 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2000-0788 Source: CCN Type: Microsoft Security Bulletin MS00-071 FAQ Microsoft Security Bulletin (MS00-071): Frequently Asked Questions Source: CCN Type: Microsoft Security Bulletin MS00-071 Patch Available for 'Word Mail Merge' Vulnerability Source: CCN Type: OSVDB ID: 1505 Microsoft Word Mail Merge Arbitrary Command Execution Source: CCN Type: OSVDB ID: 5171 Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script Source: BID Type: Exploit, Vendor Advisory 1566 Source: CCN Type: BID-1566 Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability Source: BUGTRAQ Type: Exploit, Vendor Advisory 20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook Source: MS Type: UNKNOWN MS00-071 Source: XF Type: UNKNOWN word-mail-merge(5322) Source: XF Type: UNKNOWN word-mail-merge(5322) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||