CVE-2000-1061 - OpenCVE

Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Ie

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:ie:4.x:::::::*
	cpe:2.3:a:microsoft:ie:5.x:::::::*

References

Link	Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075
https://exchange.xforce.ibmcloud.com/vulnerabilities/5127

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2001-01-22T05:00:00

Updated: 2005-11-02T10:00:00

Reserved: 2000-11-29T00:00:00

Link: CVE-2000-1061

JSON object: View

NVD Information

Status : Modified

Published: 2000-12-11T05:00:00.000

Modified: 2018-10-12T21:29:55.453

Link: CVE-2000-1061

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2000-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "java-vm-applet(5127)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127"}, {"name": "MS00-075", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-1061", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "java-vm-applet(5127)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127"}, {"name": "MS00-075", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-1061", "datePublished": "2001-01-22T05:00:00", "dateReserved": "2000-11-29T00:00:00", "dateUpdated": "2005-11-02T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}