• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft Office 2000 UA Control Vulnerability

Severity: MODERATE

Description:

MIcrosoft Office 2000 and related individual packages (eg., Microsoft Word 2000) have a feature called "Show Me" as part of the built-in help, which makes use of an ActiveX control (Office 2000 UA Control). This function was incorrectly flagged as "safe for scripting" and, although undocumented, could be used by a malicious web site operator to execute any commands in Microsoft Office 2000. It provides the ability to script almost all Office 2000 functions including file manipulation, configuration settings, etc.

Affected Products:

• Microsoft Access 2000
• Microsoft Excel 2000
• Microsoft FrontPage 2000 0.0.0
• Microsoft Office 2000
• Microsoft Outlook 2000 0.0.0
• Microsoft Photodraw 2000 0.0.0
• Microsoft PowerPoint 2000
• Microsoft Project 2000
• Microsoft Word 2000
• Microsoft Works 2000 0.0.0

References:

• Microsoft: Frequently Asked Questions: Microsoft Security Bulletin (MS00-034)
• Microsoft: Q262767: OFF2000: Update Available for "Office 2000 UA Control" Vulnerability

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.