CVE-2000-0854

Name of the Vulnerable Software and Affected Versions Microsoft Office 2000

Description The issue allows an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as a Microsoft Office document. This occurs because the directory of the launched document is used to locate DLLs such as riched20.dll and msi.dll.

Recommendations For Microsoft Office 2000, consider restricting access to the directory where documents are launched to minimize the risk of exploitation. As a temporary workaround, avoid opening documents from untrusted sources until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.