PT-2001-1241 · Microsoft · Internet Explorer+4

Publicado

2001-02-12

Atualizado

2018-10-12

CVE-2001-0003

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Office 2000 Windows 2000 Windows Me

Description: The issue arises from the Web Extender Client (WEC) not properly processing Internet Explorer security settings for NTLM authentication. This allows attackers to obtain NTLM credentials and possibly the password.

Recommendations: For Microsoft Office 2000, consider disabling NTLM authentication until a patch is available. For Windows 2000, restrict access to the Web Extender Client (WEC) to minimize the risk of exploitation. For Windows Me, avoid using the Web Extender Client (WEC) for NTLM authentication until the issue is resolved.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2001-0003

Produtos afetados

Internet Explorer

Office 2000

Web Extender Client

Windows 2000

Windows Me

PT-2001-1241 · Microsoft · Internet Explorer+4

CVE-2001-0003

Identificadores relacionados

Produtos afetados

Referências · 4