Lucene search

[email protected]CVE-2002-1441

HistoryApr 11, 2003 - 4:00 a.m.

CVE-2002-1441

2003-04-1104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-1441

buffer overflow

remote code execution

tomahawk steelarrow

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.111 Low

EPSS

Percentile

95.1%

JSON

Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.

CPENameOperatorVersion
tomahawk_technologies:steelarrowtomahawk technologies steelarroweq4.1

CPE	Name	Operator	Version
tomahawk_technologies:steelarrow	tomahawk technologies steelarrow	eq	4.1

References

archives.neohapsis.com/archives/vulnwatch/2002-q3/0085.html

online.securityfocus.com/archive/1/288013

www.iss.net/security_center/static/9888.php

www.iss.net/security_center/static/9889.php

www.iss.net/security_center/static/9890.php

www.nextgenss.com/advisories/steel-arrow-bo.txt

www.nextgenss.com/vna/tom-saro.txt

www.securityfocus.com/bid/4860

www.securityfocus.com/bid/5494

www.securityfocus.com/bid/5495

www.securityfocus.com/bid/5496

www.steelarrow.com/

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.111 Low

EPSS

Percentile

95.1%

JSON