Lucene search

[email protected]CVE-2000-0788

HistoryMar 09, 2002 - 5:00 a.m.

CVE-2000-0788

2002-03-0905:00:00

[email protected]

web.nvd.nist.gov

microsoft word

mail merge

vba scripts

access database

security vulnerability

cve-2000-0788

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.9%

JSON

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.

Affected configurations

NVD

Node

microsoftaccessMatch2000

microsoftwordMatch2000

CPENameOperatorVersion
microsoft:accessmicrosoft accesseq2000
microsoft:wordmicrosoft wordeq2000

CPE	Name	Operator	Version
microsoft:access	microsoft access	eq	2000
microsoft:word	microsoft word	eq	2000

References

www.securityfocus.com/bid/1566

www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C%40nat.bg

docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-071

exchange.xforce.ibmcloud.com/vulnerabilities/5322

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.9%

JSON

Related for CVE-2000-0788

nvd2 cvelist2 cve1