cbcvebase.
CVE-2000-0325
published 1999-08-20

CVE-2000-0325: The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.

PriorityP270high7.2CVSS 2.0
AVLACLAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
3.73%
88.5th percentile
The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.

Affected

2 ranges
VendorProductVersion rangeFixed in
microsoftjet
microsoftjet

Detection & IOCsextracted from sources · hover to see the quote

filenameMSJET35.DLL
filenameMSJET40.DLL
  • Malicious .xls or .doc files embedding VBA Shell commands should be flagged; no macro warnings are raised by the application, bypassing standard macro-based AV detection.
  • Exploit payload may be delivered as a hidden/invisible embedded .xls object within a web page (e.g., hidden iframe/frame), so monitor for browser-spawned Office processes loading Jet DLLs.
  • Command execution occurs in the context of the opening user; monitor for Office/Jet processes spawning child processes such as regedit.exe or ftp.exe without user interaction.
  • No AV products were capable of detecting this exploit at time of disclosure; rely on behavioral detection (child process spawning from Jet/Office) rather than signature-only scanning.
  • ·Vulnerability is confirmed against Jet database engine version 3.51.1029.00 specifically; affects Office 95/97 users with Jet versions around 3.5.
  • ·Exploit can be distributed via multiple vectors including email, web pages with hidden frames, or other file-delivery methods — detection scope must cover all ingress channels.

CVSS provenance

nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.