CVE-2000-0160 — Microsoft IE vulnerability

3 documents3 sources

Severity

7.6HIGHNVD

EPSS

10.3%

top 6.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedFeb 21

Latest updateApr 30

Description

The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer5

▶NVDmicrosoft/ie4.x

🔴Vulnerability Details

GHSA

GHSA-xwwx-jfc6-33fv: The Microsoft Active Setup ActiveX component in Internet Explorer 4↗2022-04-30

▶

CVEList

CVE-2000-0160: The Microsoft Active Setup ActiveX component in Internet Explorer 4↗2000-02-23

▶