Lucene search

[email protected]CVE-2002-2361

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-2361

2002-12-3105:00:00

CWE-264

[email protected]

web.nvd.nist.gov

yahoo! messenger

installer

trojan programs

dns spoofing

cve-2002-2361

nvd

7.5 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

54.8%

JSON

The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.

CPENameOperatorVersion
yahoo:messengeryahoo messengereq5.5
yahoo:messengeryahoo messengereq5.0
yahoo:messengeryahoo messengereq4.0

CPE	Name	Operator	Version
yahoo:messenger	yahoo messenger	eq	5.5
yahoo:messenger	yahoo messenger	eq	5.0
yahoo:messenger	yahoo messenger	eq	4.0

References

cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html

www.iss.net/security_center/static/9984.php

www.securityfocus.com/bid/5579

7.5 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVE-2002-2361

cvelist1