Vulnerability Description
Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Excel | 2000 |
| Microsoft | Powerpoint | 97 |
References
- http://www.securityfocus.com/bid/1399
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-04
- http://www.securityfocus.com/bid/1399
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-04
FAQ
What is CVE-2000-0597?
CVE-2000-0597 is a vulnerability with a CVSS score of 7.5 (HIGH). Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitra...
How severe is CVE-2000-0597?
CVE-2000-0597 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0597?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Excel, Microsoft Powerpoint.