CVE-2001-0240 — Microsoft Word vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.5%

top 32.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Word

Timeline

PublishedJun 27

Latest updateApr 30

Description

Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/word4 versions+3

🔴Vulnerability Details

GHSA

GHSA-qc4q-94jc-f26r: Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that l↗2022-04-30

▶

CVEList

CVE-2001-0240: Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that l↗2001-09-18

▶