PT-2001-1241 · Microsoft · Internet Explorer+4

Published

2001-02-12

Updated

2018-10-12

CVE-2001-0003

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Office 2000 Windows 2000 Windows Me

Description: The issue arises from the Web Extender Client (WEC) not properly processing Internet Explorer security settings for NTLM authentication. This allows attackers to obtain NTLM credentials and possibly the password.

Recommendations: For Microsoft Office 2000, consider disabling NTLM authentication until a patch is available. For Windows 2000, restrict access to the Web Extender Client (WEC) to minimize the risk of exploitation. For Windows Me, avoid using the Web Extender Client (WEC) for NTLM authentication until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0003

Affected Products

Internet Explorer

Office 2000

Web Extender Client

Windows 2000

Windows Me

PT-2001-1241 · Microsoft · Internet Explorer+4

CVE-2001-0003

Related Identifiers

Affected Products

References · 4