Microsoft Office 2000 UA Control
The ActiveX control named Microsoft Office UA Control, shipped with Microsoft Office 2000, is installed by default and is categorized as safe for scripting. The control is undocumented; it and its interface are presumably used to script "Show Me" demonstrations for Office 2000 help and Office Assistant functionality.
Analysis of the control's interface, as reported by L0pht, reveals functionality to script almost any action in Office 2000 that the user could perform from the keyboard, including lowering the macro security setting to low. This action can be scripted from any HTML page viewed with active scripting enabled, which includes both Internet Explorer and Outlook e-mail clients in their default configurations.
The Microsoft Office UA control exports a powerful interface for automating commands within the Office 2000 environment. The problem is that the control is marked safe for scripting when it should not be. Because it can be scripted from HTML pages or e-mail, it is extremely dangerous.
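To audit a workstation for this class of problem, the following added example (not code from the advisory, L0pht or Microsoft) lists COM classes registered under the "safe for scripting" component category and reports whether Internet Explorer's kill bit already blocks each one. It goes beyond the UA control to cover every registered control; the function name is hypothetical, the advisory does not give the UA control's CLSID so a placeholder is used, and controls that declare safety at run time through IObjectSafety rather than the registry will not appear.

```powershell
# Added example: enumerate ActiveX controls marked "safe for scripting" in the registry.
$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C4D8B}'   # CATID_SafeForScripting
$ClsidRoot  = 'Registry::HKEY_CLASSES_ROOT\CLSID'
$CompatRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBit    = 0x400                                            # bit in "Compatibility Flags"

function Get-SafeForScriptingControl {
    param(
        # Optional: restrict the audit to one CLSID (for example, the UA control's
        # CLSID taken from the vendor bulletin; it is not given in this advisory).
        [string]$Clsid
    )

    if ($Clsid) {
        $keys = Get-Item -LiteralPath "$ClsidRoot\$Clsid" -ErrorAction SilentlyContinue
    } else {
        $keys = Get-ChildItem -LiteralPath $ClsidRoot -ErrorAction SilentlyContinue
    }

    foreach ($key in $keys) {
        $id = $key.PSChildName

        # A control is registry-marked safe when this category subkey exists.
        $marked = Test-Path -LiteralPath "$ClsidRoot\$id\Implemented Categories\$SafeForScripting"
        if (-not $marked) { continue }

        # Read the kill bit, if any compatibility entry exists for this CLSID.
        $flags  = 0
        $compat = Get-ItemProperty -LiteralPath "$CompatRoot\$id" -ErrorAction SilentlyContinue
        if ($compat -and $null -ne $compat.'Compatibility Flags') {
            $flags = [int]$compat.'Compatibility Flags'
        }

        $server = Get-ItemProperty -LiteralPath "$ClsidRoot\$id\InprocServer32" -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Clsid      = $id
            Name       = $key.GetValue('')          # default value: friendly class name
            Server     = $server.'(default)'        # DLL/OCX that implements the control
            KillBitSet = ($flags -band $KillBit) -ne 0
        }
    }
}

# Controls that are scriptable from HTML and not blocked by a kill bit:
Get-SafeForScriptingControl | Where-Object { -not $_.KillBitSet } | Format-Table -AutoSize

# Single-control check (placeholder CLSID, replace with the real value):
# Get-SafeForScriptingControl -Clsid '{CLSID-OF-UA-CONTROL}'
```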
A non-destructive demonstration is available by clicking here (will take you to
Microsoft has been made aware of this problem and has provided a patch available here.
Microsoft has also released their own Security Bulletin on the issue.