Vulnerability Description
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2000 |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
- http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html
- http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.htmlVendor Advisory
- http://www.securityfocus.com/bid/1699ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5263
- http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
- http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html
- http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.htmlVendor Advisory
- http://www.securityfocus.com/bid/1699ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5263
FAQ
What is CVE-2000-0854?
CVE-2000-0854 is a vulnerability with a CVSS score of 10.0 (HIGH). When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary com...
How severe is CVE-2000-0854?
CVE-2000-0854 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0854?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office.