Critical Published: Oct 20, 2000 Modified: Apr 03, 2025

CVE-2000-0788

10 CVSS SCORE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.

CVSS Vector Details

Attack Vector Network

Attack Complexity Low

Confidentiality C

Integrity C

Availability C

Affected Software Configurations

a microsoft access 2000 * * * * * * *
a microsoft word 2000 * * * * * * *

Weaknesses (CWE)

NVD-CWE-Other

References & External Links

http://www.securityfocus.com/bid/1566
http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C%40nat.bg
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-071
https://exchange.xforce.ibmcloud.com/vulnerabilities/5322
http://www.securityfocus.com/bid/1566
http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C%40nat.bg
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-071
https://exchange.xforce.ibmcloud.com/vulnerabilities/5322

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker