Description
Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
Product(s):
- Microsoft Excel 2000
- Microsoft Excel 2000 gold
- Microsoft Excel 2000 sp1
- Microsoft Excel 2000_sr1a
- Microsoft Excel 2000 SP2
- Microsoft Excel 2000 Service Pack 3
- Microsoft Excel 2000 SR1
- Microsoft Excel 2000 sr1a
- Microsoft PowerPoint 2000
- Microsoft PowerPoint 2000 Japanese
- Microsoft PowerPoint 2000 Korean
- Microsoft PowerPoint 2000 Chinese
- Microsoft PowerPoint 2000 sp2
- Microsoft PowerPoint 2000 sp3
- Microsoft PowerPoint 2000 sr1
- Microsoft PowerPoint 97
- Microsoft PowerPoint 97 any any ja
- Microsoft PowerPoint 97 any any ko
- Microsoft PowerPoint 97 any any zh
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2000-0597, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2000-0597 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.