http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200010-126

MicrosoftWord中MailMerge工具在Access数据库执行VisualBasic(VBA)脚本之前不提示用户，攻击者可以执行任意命令。

来源:BUGTRAQ
名称:20000807MSWordandMSAccessvulnerability-executingarbitraryprograms,maybeexploitedbyIE/Outlook
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
来源:BID
名称:1566
链接:http://www.securityfocus.com/bid/1566
来源:XF
名称:word-mail-merge(5322)
链接:http://xforce.iss.net/static/5322.php
来源:MS
名称:MS00-071
链接:http://www.microsoft.com/technet/security/bulletin/ms00-071.asp