CVE-2000-0597Microsoft Excel vulnerability

5 documents4 sources
Severity
7.5HIGHNVD
EPSS
9.6%
top 7.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ExcelMicrosoft Powerpoint
Timeline
PublishedJun 27
Latest updateApr 30

Description

Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/powerpoint2000, 97+1
NVDmicrosoft/excel2000

🔴Vulnerability Details

2
GHSA
GHSA-m2cw-8f75-qf8v: Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explo2022-04-30
CVEList
CVE-2000-0597: Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explo2000-10-13

💥Exploits & PoCs

2
Exploit-DB
Microsoft Windows Server 2000 - Lanman Denial of Service (2)2003-01-03
Exploit-DB
Microsoft Windows Server 2000 - Lanman Denial of Service (1)2002-04-17
CVE-2000-0597 — Microsoft Excel vulnerability | cvebase