VULHUB ™

MIcrosoft Office 2000 and related individual packages (eg., Microsoft Word 2000) have a feature called "Show Me" as part of the built-in help, which makes use of an ActiveX control (Office 2000 UA Control). This function was incorrectly flagged as "safe for scripting" and, although undocumented, could be used by a malicious web site operator to execute any commands in Microsoft Office 2000. It provides the ability to script almost all Office 2000 functions including file manipulation, configuration settings, etc.

MIcrosoft Office 2000 and related individual packages (eg., Microsoft Word 2000) have a feature called "Show Me" as part of the built-in help, which makes use of an ActiveX control (Office 2000 UA Control). This function was incorrectly flagged as "safe for scripting" and, although undocumented, could be used by a malicious web site operator to execute any commands in Microsoft Office 2000. It provides the ability to script almost all Office 2000 functions including file manipulation, configuration settings, etc.