CVE-2001-0628 — Microsoft Word vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

2.0%

top 16.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Word

Timeline

PublishedAug 14

Latest updateApr 30

Description

Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/word2000

Patches

Patch: support.microsoft.com ↗Patch: www.securityfocus.com ↗Patch: support.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-4j6c-74jw-w252: Microsoft Word 2000 does not check AutoRecovery (↗2022-04-30

▶

CVEList

CVE-2001-0628: Microsoft Word 2000 does not check AutoRecovery (↗2002-03-09

▶