CyberSec.Space Logo
Back to CVE Browser

CVE-2000-0854

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1540%
EPSS Percentile3.32th
PublishedNov 14, 2000
Last ModifiedApr 16, 2026

Vulnerability Description

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Office

= 2000

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
πŸ”— http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html
πŸ”— http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html
πŸ”— http://www.securityfocus.com/bid/1699
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/5263
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
πŸ”— http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html
πŸ”— http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html

Related Vulnerabilities

CVE-2007-111710.0

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspeci...

CVE-2001-122310.0

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers...

CVE-2001-126010.0

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator pri...

CVE-2007-346510.0

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.