CVE-2000-0088 — Authentication Bypass by Primary Weakness in Microsoft Word

CWE-305 — Authentication Bypass by Primary Weakness4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.5%

top 33.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office Converter Pack Microsoft Powerpoint +1 more

Timeline

PublishedJan 20

Latest updateApr 30

Description

Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/word2000, 97, 98+2

▶NVDmicrosoft/office2000, 97+1

▶NVDmicrosoft/powerpoint2000, 97+1

▶NVDmicrosoft/office_converter_pack2000.0

🔴Vulnerability Details

GHSA

GHSA-v953-3rp8-5v5v: Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malform↗2022-04-30

▶

CVEList

CVE-2000-0088: Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malform↗2000-03-22

▶

📐Framework References

CWE

Authentication Bypass by Primary Weakness↗

▶