| Vulnerability Name: | CVE-2001-0003 (CCN-5920) | ||||||||
| Assigned: | 2001-01-11 | ||||||||
| Published: | 2001-01-11 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2001-0003 Source: CCN Type: Microsoft Security Bulletin MS01-001 FAQ Microsoft Security Bulletin (MS01-001): Frequently Asked Questions Source: CCN Type: Microsoft Security Bulletin MS01-001 Patch Available for "Web Client NTLM Authentication" Vulnerability Source: CCN Type: OSVDB ID: 1724 Microsoft Web Client Extender NTLM Credential Disclosure Source: BID Type: Patch, Vendor Advisory 2199 Source: CCN Type: BID-2199 Microsoft Web Client Extender NTLM Authentication Vulnerability Source: MS Type: UNKNOWN MS01-001 Source: XF Type: UNKNOWN wec-ntlm-authentication(5920) Source: XF Type: UNKNOWN wec-ntlm-authentication(5920) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||