CVE-2001-0003Misinterpretation of Input in Microsoft Office

CWE-115Misinterpretation of Input3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
28.7%
top 3.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedFeb 12
Latest updateApr 30

Description

Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-g7v5-rc2j-fqgg: Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTL2022-04-30

📐Framework References

1
CWE
Misinterpretation of Input
CVE-2001-0003 — Misinterpretation of Input in Microsoft | cvebase