CVE-2000-0325
Published 1999-08-20
CVE-2000-0325: The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.
Priority: P2 · 70 · high
CVSS 2.0: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 3.73% (88.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | jet | — | — |
| microsoft | jet | — | — |
Detection & IOCs (extracted from sources)
- Malicious .xls or .doc files embedding VBA Shell commands should be flagged; no macro warnings are raised by the application, bypassing standard macro-based AV detection.
- Exploit payload may be delivered as a hidden/invisible embedded .xls object within a web page (e.g., hidden iframe/frame), so monitor for browser-spawned Office processes loading Jet DLLs.
- Command execution occurs in the context of the opening user; monitor for Office/Jet processes spawning child processes such as regedit.exe or ftp.exe without user interaction.
- No AV products were capable of detecting this exploit at time of disclosure; rely on behavioral detection (child process spawning from Jet/Office) rather than signature-only scanning.
- Vulnerability is confirmed against Jet database engine version 3.51.1029.00 specifically; affects Office 95/97 users with Jet versions around 3.5.
- Exploit can be distributed via multiple vectors including email, web pages with hidden frames, or other file-delivery methods; detection scope must cover all ingress channels.
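CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.2 | HIGH | |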
GHSA
GHSA-m238-53hv-gp98: The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability
ghsa_unreviewed·2022-04-30
VulnCheck
Microsoft Jet Database Engine VBA Shell Vulnerability
vulncheck·2000·CVSS 7.2
Affected: Microsoft jet
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://go.catonetworks.com/rs/245-RJK-441/images/CATO_CTRL_Report_Q3_2024.pdf
References:
- http://www.securityfocus.com/bid/548
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-030
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3155