Arbitrary Command Execution Vulnerability in Microsoft Office 2000

Arbitrary Command Execution Vulnerability in Microsoft Office 2000

CVE-2000-0854 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.

Learn more about our Cis Benchmark Audit For Microsoft Office.