Vulnerability Description
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2000 |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows Me | All versions |
| Microsoft | Windows Nt | All versions |
References
- http://www.securityfocus.com/bid/2199PatchVendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5920
- http://www.securityfocus.com/bid/2199PatchVendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5920
FAQ
What is CVE-2001-0003?
CVE-2001-0003 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain...
How severe is CVE-2001-0003?
CVE-2001-0003 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0003?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Windows 2000, Microsoft Windows Me, Microsoft Windows Nt.