Lucene search

[email protected]CVE-2002-0371

HistoryJul 03, 2002 - 4:00 a.m.

CVE-2002-0371

2002-07-0304:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0371

buffer overflow

microsoft internet explorer

proxy server

isa server

remote attack

arbitrary code execution

gopher client

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.583 Medium

EPSS

Percentile

97.7%

JSON

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

Affected configurations

NVD

Node

microsoftinternet_explorerMatch5.0.1

microsoftinternet_explorerMatch5.0.1sp1

microsoftinternet_explorerMatch5.0.1sp2

microsoftinternet_explorerMatch5.5

microsoftinternet_explorerMatch5.5sp1

microsoftinternet_explorerMatch5.5sp2

microsoftinternet_explorerMatch6.0

microsoftisa_serverMatch2000

microsoftisa_serverMatch2000sp1

microsoftproxy_serverMatch2.0

microsoftproxy_serverMatch2.0sp1

university_of_minnesotagopher

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq5.0.1
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq6.0
microsoft:isa_servermicrosoft isa servereq2000
microsoft:proxy_servermicrosoft proxy servereq2.0
university_of_minnesota:gopheruniversity of minnesota gophereq*

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	5.0.1
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	6.0
microsoft:isa_server	microsoft isa server	eq	2000
microsoft:proxy_server	microsoft proxy server	eq	2.0
university_of_minnesota:gopher	university of minnesota gopher	eq	*

References

marc.info/?l=bugtraq&m=102320516707940&w=2

marc.info/?l=bugtraq&m=102397955217618&w=2

online.securityfocus.com/archive/1/276848

www.iss.net/security_center/static/9247.php

www.kb.cert.org/vuls/id/440275

www.pivx.com/workaround_fail.html

www.securityfocus.com/bid/4930

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-027

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A98

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.583 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2002-0371

cert1 cvelist1 nvd2 nessus1 cve1