Lucene search

[email protected]CVE-2002-0366

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0366

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0366

buffer overflow

ras phonebook

windows nt 4.0

windows 2000

windows xp

code execution

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.

Affected configurations

NVD

Node

microsoftwindows_2000

microsoftwindows_2000sp1

microsoftwindows_2000sp2

microsoftwindows_ntMatch4.0enterprise_server

microsoftwindows_ntMatch4.0server

microsoftwindows_ntMatch4.0terminal_server

microsoftwindows_ntMatch4.0workstation

microsoftwindows_ntMatch4.0sp1enterprise_server

microsoftwindows_ntMatch4.0sp1server

microsoftwindows_ntMatch4.0sp1terminal_server

microsoftwindows_ntMatch4.0sp1workstation

microsoftwindows_ntMatch4.0sp2enterprise_server

microsoftwindows_ntMatch4.0sp2server

microsoftwindows_ntMatch4.0sp2terminal_server

microsoftwindows_ntMatch4.0sp2workstation

microsoftwindows_ntMatch4.0sp3enterprise_server

microsoftwindows_ntMatch4.0sp3server

microsoftwindows_ntMatch4.0sp3terminal_server

microsoftwindows_ntMatch4.0sp3workstation

microsoftwindows_ntMatch4.0sp4enterprise_server

microsoftwindows_ntMatch4.0sp4server

microsoftwindows_ntMatch4.0sp4terminal_server

microsoftwindows_ntMatch4.0sp4workstation

microsoftwindows_ntMatch4.0sp5enterprise_server

microsoftwindows_ntMatch4.0sp5server

microsoftwindows_ntMatch4.0sp5terminal_server

microsoftwindows_ntMatch4.0sp5workstation

microsoftwindows_ntMatch4.0sp6enterprise_server

microsoftwindows_ntMatch4.0sp6server

microsoftwindows_ntMatch4.0sp6terminal_server

microsoftwindows_ntMatch4.0sp6workstation

microsoftwindows_ntMatch4.0sp6aenterprise_server

microsoftwindows_ntMatch4.0sp6aserver

microsoftwindows_ntMatch4.0sp6aterminal_server

microsoftwindows_ntMatch4.0sp6aworkstation

microsoftwindows_xp64-bit

microsoftwindows_xphome

microsoftwindows_xpgoldprofessional

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_ntmicrosoft windows nteq4.0
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_nt	microsoft windows nt	eq	4.0
microsoft:windows_xp	microsoft windows xp	eq	*

References

online.securityfocus.com/archive/1/276776

online.securityfocus.com/archive/1/278145

www.nextgenss.com/vna/ms-ras.txt

www.securityfocus.com/bid/4852

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-029

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A61

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A63

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Related for CVE-2002-0366

nvd1 nessus1 cvelist1 cert1