CVEブラウザに戻る

CVE-2000-0854

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1540%

EPSS Percentile3.32th

Published2000年11月14日

Last Modified2026年4月16日

Vulnerability Description

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.

Affected Platforms (CPE)

📦

Microsoft

Office

= 2000

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html

🔗 http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html

🔗 http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html

🔗 http://www.securityfocus.com/bid/1699

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/5263

🔗 http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html

🔗 http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html

🔗 http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html

関連する脆弱性情報

CVE-2007-111710.0

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspeci...

CVE-2001-122310.0

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers...

CVE-2001-126010.0

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator pri...

CVE-2007-346510.0

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.