CVE-2000-0277Product UI does not Warn User of Unsafe Actions in Microsoft Excel

CWE-254CWE-356Product UI does not Warn User of Unsafe Actions4 documents4 sources
Severity
7.2HIGHNVD
EPSS
1.7%
top 17.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Excel
Timeline
PublishedApr 3
Latest updateApr 30

Description

Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/excel2000, 97+1

🔴Vulnerability Details

2
GHSA
GHSA-j2mj-gpqp-ph4f: Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attac2022-04-30
CVEList
CVE-2000-0277: Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attac2000-06-02

📐Framework References

1
CWE
Product UI does not Warn User of Unsafe Actions
CVE-2000-0277 — Microsoft Excel vulnerability | cvebase