Lucene search

[email protected]CVE-2000-0597

HistoryOct 13, 2000 - 4:00 a.m.

CVE-2000-0597

2000-10-1304:00:00

[email protected]

web.nvd.nist.gov

microsoft office 2000

powerpoint 97

scripting

cve-2000-0597

vba saveas

office html script

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the “Office HTML Script” vulnerability.

Affected configurations

NVD

Node

microsoftexcelMatch2000

microsoftpowerpointMatch97

microsoftpowerpointMatch2000

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2000
microsoft:powerpointmicrosoft powerpointeq97
microsoft:powerpointmicrosoft powerpointeq2000

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2000
microsoft:powerpoint	microsoft powerpoint	eq	97
microsoft:powerpoint	microsoft powerpoint	eq	2000

References

www.securityfocus.com/bid/1399

www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB%40nat.bg

docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for CVE-2000-0597

cvelist1 nvd1