CVE-2002-0698
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
Desbordamiento de búfer en Internet Mail Connector (IMC) para Microsoft Exchange Server 5.5 permite que atacantes remotos ejecuten código arbitrario por medio de una petición EHLO desde un sistema con un nombre largo obtenido por búsqueda DNS inversa, lo cual provoca el desbordamiento de búfer en la respuesta de IMC.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-07-12 CVE Reserved
- 2002-08-12 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759 | Broken Link | |
| http://www.iss.net/security_center/static/9658.php | Broken Link | |
| http://www.securityfocus.com/bid/5306 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-037 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ326322 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 5.5 Search vendor "Microsoft" for product "Exchange Server" and version "5.5" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 5.5 Search vendor "Microsoft" for product "Exchange Server" and version "5.5" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 5.5 Search vendor "Microsoft" for product "Exchange Server" and version "5.5" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 5.5 Search vendor "Microsoft" for product "Exchange Server" and version "5.5" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 5.5 Search vendor "Microsoft" for product "Exchange Server" and version "5.5" | sp4 |
Affected
| ||||||