Page 21 of 104 results (0.016 seconds)

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands. • http://www.securityfocus.com/bid/1566 http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C%40nat.bg https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-071 https://exchange.xforce.ibmcloud.com/vulnerabilities/5322 •

CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. • http://www.cert.org/advisories/CA-2000-07.html http://www.microsoft.com/technet/support/kb.asp?ID=262767 http://www.securityfocus.com/bid/1197 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-034 •

CVSS: 10.0EPSS: 68%CPEs: 7EXPL: 2

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. • https://www.exploit-db.com/exploits/19425 https://www.exploit-db.com/exploits/19424 http://www.ciac.org/ciac/bulletins/j-054.shtml http://www.osvdb.org/272 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025 https://www.securityfocus.com/bid/529 - • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. • http://marc.info/?l=bugtraq&m=91816470220259&w=2 •