Microsoft Information for VU#35626

Office 2000 UA Control incorrectly marked safe for scripting

Status

Affected

Vendor Statement

Microsoft has published a security bulletin, an FAQ, and a knowledgebase article describing this vulnerability. These documents are available from Microsoft's web site:

http://microsoft.com/technet/security/bulletin/ms00-034.asp
http://microsoft.com/technet/security/bulletin/fq00-034.asp
http://microsoft.com/technet/support/kb.asp?ID=262767

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC believes the following systems are affected by this vulnerability:

Systems with Internet Explorer and Microsoft Office 2000 components, including

  • Word 2000
  • Excel 2000
  • PowerPoint 2000
  • Access 2000
  • Photodraw 2000
  • FrontPage 2000
  • Project 2000
  • Outlook 2000
  • Publisher 2000
  • Works 2000 Suite

    If you have feedback, comments, or additional information about this vulnerability, please send us email.