CVE-2001-0003 : Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Expl

Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.

Published 2001-02-12 05:00:00

Updated 2018-10-12 21:30:02

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2001-0003

Probability of exploitation activity in the next 30 days: 0.49%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2001-0003

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2001-0003

Products affected by CVE-2001-0003

Microsoft » Windows Nt
cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2000
cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Me
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2001-0003

Exploit prediction scoring system (EPSS) score for CVE-2001-0003

CVSS scores for CVE-2001-0003

References for CVE-2001-0003

Products affected by CVE-2001-0003