Back
CVE-2001-0003
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
Published: Feb 12, 2001
Modified: Apr 16, 2026
CVSS Metrics
Affected Products (4)
| Vendor | Product | Version |
|---|---|---|
| microsoft | office | 2000 |
| microsoft | windows_2000 | * |
| microsoft | windows_me | * |
| microsoft | windows_nt | * |
References (6)
- http://www.securityfocus.com/bid/2199 Patch, Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5920
- http://www.securityfocus.com/bid/2199 Patch, Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5920
Risk Scores
CVSS Score
5.0 / 10
EPSS Score
28.72%
Top 3% most likely to be exploited
Threat Score
28.6 / 100
Data Sources
NVD
EPSS