Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-056