ID CVE-2002-0058 Type cve Reporter cve@mitre.org Modified 2018-10-12T21:30:00
Description
Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.
{"id": "CVE-2002-0058", "bulletinFamily": "NVD", "title": "CVE-2002-0058", "description": "Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.", "published": "2002-03-15T05:00:00", "modified": "2018-10-12T21:30:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0058", "reporter": "cve@mitre.org", "references": ["https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-013", "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216", "http://marc.info/?l=bugtraq&m=101534535304228&w=2"], "cvelist": ["CVE-2002-0058"], "type": "cve", "lastseen": "2020-01-11T13:38:24", "history": [{"bulletin": {"affectedSoftware": [{"name": "microsoft virtual_machine", "operator": "eq", "version": "3802"}, {"name": "sun jdk", "operator": "eq", "version": "1.1.8"}, {"name": "sun jre", "operator": "eq", "version": "1.3.0"}, {"name": "sun sdk", "operator": "eq", "version": "1.2.2_010"}, {"name": "sun jre", "operator": "eq", "version": "1.1.8"}, {"name": "sun sdk", "operator": "eq", "version": "1.3_02"}, {"name": "sun jre", "operator": "eq", "version": "1.2.2"}, {"name": "sun sdk", "operator": "eq", "version": "1.1.8_007"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:sun:jre:1.1.8", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.3_02", "cpe:/a:sun:sdk:1.2.2_010", "cpe:/a:sun:jdk:1.1.8", "cpe:/a:sun:jre:1.2.2", "cpe:/a:sun:sdk:1.1.8_007", "cpe:/a:microsoft:virtual_machine:3802"], "cpe23": ["cpe:2.3:a:sun:jre:1.1.8:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.1.8_007:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.1.8:update13:*:*:*:*:*:*", "cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.2.2_010:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.1.8:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.1.8:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.2.2:update10:*:*:*:*:*:*"], "cvelist": ["CVE-2002-0058"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["NVD-CWE-Other"], "description": "Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:07:38", "references": [{"idList": ["OSVDB:14270"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:2587"], "type": "securityvulns"}, {"idList": ["SMB_NT_MS02-013.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-05-29T18:07:38", "value": 5.0, "vector": "NONE"}}, "hash": "8bed7084dc358159956cc2e807452927e27ec92c073d5f3c1f439a60f989db75", "hashmap": [{"hash": "44cd9493f7db903db9f43150dd1ccacd", "key": "affectedSoftware"}, {"hash": "a7f16d31a20b3256854ce02f1ce162f0", "key": "cvelist"}, {"hash": "9fbbe7b297785b63063f5441f1c0485a", "key": "title"}, {"hash": "58c700edf99ede747b8b90df59430c39", "key": "published"}, {"hash": "b859d43506dfdba97fb270d46af0cbfd", "key": "description"}, {"hash": "7b39932bac1560551d5bef8c2fecd078", "key": "cpe"}, {"hash": "f30109dfdbfbf783c0b61792a6b2c20a", "key": "cvss2"}, {"hash": "27c3e02337e4eff0b9fe83e8b304560a", "key": "references"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "e1f781bf7efecc9a9d1db5d39b94539d", "key": "modified"}, {"hash": "78a7a5cbaf09985c14389298e454e7db", "key": "cwe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "2523bf18676ae2be29d452af77449718", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "aa8f5080520d85e844437ccfaa1827f2", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0058", "id": "CVE-2002-0058", "lastseen": "2019-05-29T18:07:38", "modified": "2018-10-12T21:30:00", "objectVersion": "1.3", "published": "2002-03-15T05:00:00", "references": ["https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-013", "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216", "http://marc.info/?l=bugtraq&m=101534535304228&w=2"], "reporter": "cve@mitre.org", "title": "CVE-2002-0058", "type": "cve", "viewCount": 0}, "differentElements": ["cpe23", "cpe", "affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:07:38"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "1e8b5caeebb574fa9060f5e43ee03d34"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "b92d77de7524e5f3ea98950ce5cd6302"}, {"key": "cpe23", "hash": "01fbbf1a30edc5adab251eb6988b8bff"}, {"key": "cvelist", "hash": "a7f16d31a20b3256854ce02f1ce162f0"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "b859d43506dfdba97fb270d46af0cbfd"}, {"key": "href", "hash": "aa8f5080520d85e844437ccfaa1827f2"}, {"key": "modified", "hash": "e1f781bf7efecc9a9d1db5d39b94539d"}, {"key": "published", "hash": "58c700edf99ede747b8b90df59430c39"}, {"key": "references", "hash": "27c3e02337e4eff0b9fe83e8b304560a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "9fbbe7b297785b63063f5441f1c0485a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d9cbf331a03e541d84b21cb9ec47d0169c15ef211f060d6676582fb5605cb473", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:14270"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:2587"]}, {"type": "nessus", "idList": ["SMB_NT_MS02-013.NASL"]}], "modified": "2020-01-11T13:38:24"}, "score": {"value": 5.0, "vector": "NONE", "modified": "2020-01-11T13:38:24"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:sun:jre:1.1.8", "cpe:/a:sun:jre:1.3.0", "cpe:/a:sun:sdk:1.3_02", "cpe:/a:sun:sdk:1.2.2_010", "cpe:/a:sun:jdk:1.1.8", "cpe:/a:sun:jre:1.2.2", "cpe:/a:sun:sdk:1.1.8_007", "cpe:/a:sun:sdk:1.2.2_10", "cpe:/a:microsoft:virtual_machine:3802"], "affectedSoftware": [{"name": "microsoft virtual_machine", "operator": "eq", "version": "3802"}, {"name": "sun jdk", "operator": "eq", "version": "1.1.8"}, {"name": "sun jre", "operator": "eq", "version": "1.3.0"}, {"name": "sun sdk", "operator": "eq", "version": "1.2.2_10"}, {"name": "sun sdk", "operator": "eq", "version": "1.2.2_010"}, {"name": "sun jre", "operator": "eq", "version": "1.1.8"}, {"name": "sun sdk", "operator": "eq", "version": "1.3_02"}, {"name": "sun jre", "operator": "eq", "version": "1.2.2"}, {"name": "sun sdk", "operator": "eq", "version": "1.1.8_007"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:sun:jre:1.1.8:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.2.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.1.8_007:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.1.8:update13:*:*:*:*:*:*", "cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.2.2_010:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.1.8:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.1.8:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.2.2:update10:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null}
{"osvdb": [{"lastseen": "2017-04-28T13:20:10", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-22-00216-1)\n[Vendor Specific Advisory URL](http://www.hitachi-support.com/security_e/vuls_e/HS02-001_e/index-e.html)\nMicrosoft Security Bulletin: MS02-013\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-03/0025.html\nISS X-Force ID: 8351\n[CVE-2002-0058](https://vulners.com/cve/CVE-2002-0058)\nCIAC Advisory: m-052\nBugtraq ID: 4228\n", "modified": "2002-03-04T00:00:00", "published": "2002-03-04T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:14270", "id": "OSVDB:14270", "type": "osvdb", "title": "Sun Java JRE HTTP Proxy Java Applet Session Hijack", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:05", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n===Java HTTP proxy vulnerability===\r\n\r\n Reference wal-01\r\n Version 1.0\r\n Date March 05, 2002\r\n\r\n===Cross references\r\n\r\n Sun Security Bulletin #00216\r\n Microsoft Security Bulletin MS02-013\r\n\r\n Vulnerability identifier CAN-2002-0058 (under review)\r\n http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0058\r\n\r\n===Classifications\r\n\r\n Java, networking, HTTP\r\n Web browsers, applets \r\n Unchecked network access, HTTP proxy connection hijacking\r\n\r\n===Abstract problem description\r\n\r\n =Background\r\nThe Java security model is designed to allow code from an untrusted\r\nsource, usually web applets, to be safely executed.\r\n\r\n =Problem\r\nAn applet could do irregular, unchecked HTTP requests.\r\n\r\n =Consequence\r\nNetwork access restrictions that apply, can be bypassed.\r\nOnly systems that have a HTTP proxy configured can be vulnerable.\r\n\r\nOne particular nasty exploit is where a remote server, aided by a\r\nhostile applet, hijacks a browsers persistent HTTP connection to its\r\nconfigured HTTP proxy.\r\n\r\n===Affected software & patch availability; vendor bulletins\r\n\r\n =Sun\r\n\r\n Bulletin Number: #00216\r\n Date: March 4, 2002\r\n Title: HttpURLConnection\r\n http://sunsolve.Sun.COM/pub-cgi/secBulletin.pl\r\n (At the time of this writing bulletin 216 was not available on\r\n the website yet.)\r\n\r\n =Microsoft\r\n\r\n Microsoft Security Bulletin MS02-013\r\n Java Applet Can Redirect Browser Traffic\r\n Originally posted: March 04, 2002\r\n http://www.microsoft.com/technet/treeview/default.asp?\r\n url=/technet/security/bulletin/MS02-013.asp\r\n (URL is wrapped, please fix.)\r\n\r\n =Netscape\r\n Sun JVM (Java Virtual Machine) Issue\r\n http://home.netscape.com/security/\r\n\r\n\r\n===Vendor contact\r\nShortly after I, more or less by coincidence, discovered the issue, I\r\nreported it to Sun on April 07, 2001. They communicated it to their\r\nJava licensees, and coordinated a synchronized response.\r\n\r\n =Free Java implementations\r\nI audited both Kaffe and GNU Classpath class libraries, and to the\r\nbest of my knowledge, they are not vulnerable to this issue. Anyone\r\nout there developing a free(TM) Java, please contact me if you have\r\nquestions or concerns, and I will be happy to assist you in any way I\r\ncan.\r\n\r\n===Disclosure policy\r\nI do not plan to release details of the vulnerability, that could make\r\nit easier for crackers to get exploits, before a three month grace\r\nperiod has expired. Customers should not to assume that the lack of\r\nvulnerability details at this time will prevent the creation of\r\nexploit programs.\r\n\r\n===Detailed problem description\r\nNo details are provided at this time.\r\nSee Disclosure policy.\r\n\r\n===PoC-exploit\r\nI supplied Sun with a PoC-exploit, and they passed it on to other\r\nvendors. No further distribution is expected.\r\n\r\n===Software I tested/audited myself.\r\nSun/Blackdown 1.1.7/8, 1.2.2, 1.3.0/1 linux/win32\r\nNetscape 4.61 default Java Runtime linux\r\nMSIE 5.0 default Java Runtime win32\r\nHotJava Browser 3.0\r\nKaffe 1.06\r\nGNU Classpath 0.03\r\n\r\n===Acknowledgment\r\nThanks to the vendors for addressing the issue. Special thanks to\r\nSun, in particular Chok Poh, for coordinating.\r\n\r\n===Disclaimer & Copying\r\nThis comes with ABSOLUTELY NO WARRANTY!\r\nCopying in whole and quoting parts permitted.\r\n\r\n===History\r\nVersion 1.0 is the first release of this document.\r\nUpdates http://www.xs4all.nl/~harmwal/issue/wal-01.txt\r\n\r\n===Contact\r\nAuthor Harmen van der Wal\r\nMail harmwal@xs4all.nl\r\nPGP http://www.xs4all.nl/~harmwal/harmen.pgp.txt\r\n\r\n===End===\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.6 (GNU/Linux)\r\nComment: For info see http://www.gnupg.org\r\n\r\niD8DBQE8hBnWqX9LFhm8cvYRAsXwAJ4jr1pm6lTqarPmbZNhuc4gGAwNSACeMIg9\r\nnEyfEY6Us0AxLR0FoKFM/Q0=\r\n=a9rw\r\n-----END PGP SIGNATURE-----\r\n\r\n-- \r\nHarmen van der Wal - http://www.xs4all.nl/~harmwal/\r\n\r\n", "modified": "2002-03-05T00:00:00", "published": "2002-03-05T00:00:00", "id": "SECURITYVULNS:DOC:2587", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:2587", "title": "Java HTTP proxy vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2020-01-01T01:42:19", "bulletinFamily": "scanner", "description": "The Microsoft VM is a virtual machine for the Win32 operating\nenvironment.\n\nThere are numerous security flaws in the remote Microsoft VM that could\nallow an attacker to execute arbitrary code on this host.\n\nTo exploit these flaws, an attacker would need to set up a malicious web\nsite with a rogue Java applet and lure the user of this host to visit\nit. The Java applet could then execute arbitrary commands on this\nhost.", "modified": "2020-01-02T00:00:00", "id": "SMB_NT_MS02-013.NASL", "href": "https://www.tenable.com/plugins/nessus/11326", "published": "2003-03-06T00:00:00", "title": "MS02-013: Cumulative VM Update (300845)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# Ref: https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-013\n#\n# Supercedes : MS99-031, MS99-045, MS00-011, MS00-059, MS00-075, MS00-081\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11326);\n script_version(\"1.49\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\"CVE-2002-0058\", \"CVE-2002-0076\");\n script_bugtraq_id(4228, 4313);\n script_xref(name:\"MSFT\", value:\"MS02-013\");\n script_xref(name:\"MSKB\", value:\"300845\");\n\n script_name(english:\"MS02-013: Cumulative VM Update (300845)\");\n script_summary(english:\"Determines the version of JView.exe\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"Arbitrary code can be executed on the remote host through the VM.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft VM is a virtual machine for the Win32 operating\nenvironment.\n\nThere are numerous security flaws in the remote Microsoft VM that could\nallow an attacker to execute arbitrary code on this host.\n\nTo exploit these flaws, an attacker would need to set up a malicious web\nsite with a rogue Java applet and lure the user of this host to visit\nit. The Java applet could then execute arbitrary commands on this\nhost.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-013\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft VM is no longer supported, and previous updates are no no\nlonger available. Upgrade to an actively supported product.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_nt_ms03-011.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n exit(0);\n}\n\n#\n\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\n\n\ninclude(\"misc_func.inc\");\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS02-013';\nkb = '300845';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nif (hotfix_check_sp(nt:7, win2k:4, xp:1) <= 0) exit(0, 'The host is not affected based on its version / service pack.');\n\nif ( get_kb_item(\"KB816093\") ) exit(0, \"KB816093 is installed.\");\nif (!is_accessible_share()) exit(1, \"is_accessible_share() failed.\");\n\n\nif (hotfix_is_vulnerable(file:\"Jview.exe\",version:\"5.0.3.3805\",dir:\"\\system32\", bulletin:bulletin, kb:kb))\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n exit(0, \"The host is not affected\");\n}\n\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
