Vulnerability Description
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Access | 2000 |
| Microsoft | Word | 2000 |
References
- http://www.securityfocus.com/bid/1566ExploitVendor Advisory
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-07
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5322
- http://www.securityfocus.com/bid/1566ExploitVendor Advisory
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-07
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5322
FAQ
What is CVE-2000-0788?
CVE-2000-0788 is a vulnerability with a CVSS score of 10.0 (HIGH). The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.
How severe is CVE-2000-0788?
CVE-2000-0788 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0788?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Access, Microsoft Word.