// For flags

CVE-2001-1099

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2001-09-07 CVE Published
  • 2002-03-15 CVE Reserved
  • 2023-03-07 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
Norton Antivirus
Search vendor "Symantec" for product "Norton Antivirus"
2.5
Search vendor "Symantec" for product "Norton Antivirus" and version "2.5"
-
Affected
in Microsoft
Search vendor "Microsoft"
Exchange Server
Search vendor "Microsoft" for product "Exchange Server"
2000
Search vendor "Microsoft" for product "Exchange Server" and version "2000"
-
Safe
Symantec
Search vendor "Symantec"
Norton Antivirus
Search vendor "Symantec" for product "Norton Antivirus"
2.5
Search vendor "Symantec" for product "Norton Antivirus" and version "2.5"
-
Affected
in Microsoft
Search vendor "Microsoft"
Exchange Server
Search vendor "Microsoft" for product "Exchange Server"
2000
Search vendor "Microsoft" for product "Exchange Server" and version "2000"
sp1
Safe