CVE-2001-0003
First published: Mon Feb 12 2001(Updated: )
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office | =2000 | |
| Microsoft Windows 2000 | ||
| Microsoft Windows | ||
| Microsoft Windows NT |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-0003?
CVE-2001-0003 is rated as a critical vulnerability due to the potential exposure of NTLM credentials.
How do I fix CVE-2001-0003?
To mitigate CVE-2001-0003, ensure that you apply all relevant security updates for Microsoft Office 2000 and Windows 2000.
What systems are affected by CVE-2001-0003?
CVE-2001-0003 affects Microsoft Office 2000, Windows 2000, and Windows Me environments.
What type of attack does CVE-2001-0003 enable?
CVE-2001-0003 allows attackers to obtain NTLM credentials, which can lead to unauthorized access.
Is CVE-2001-0003 still a concern in modern systems?
CVE-2001-0003 primarily affects legacy systems, but if present, it poses a significant security risk.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft office
- version/microsoft office/2000
- canonical/microsoft windows 2000
- canonical/microsoft windows
- canonical/microsoft windows nt