Vulnerabilities > CVE-2001-0003 - Unspecified vulnerability in Microsoft products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

microsoft

NVD

Published: 2001-02-12

Updated: 2018-10-12

Summary

Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Office 2000	1
OS	Microsoft Microsoft Windows 2000 * Microsoft Windows ME * Microsoft Windows NT *	3

References

http://www.securityfocus.com/bid/2199
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-001
https://exchange.xforce.ibmcloud.com/vulnerabilities/5920