7.5
CVE-2002-0698
- EPSS 20.26%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:57
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Exchange Server Version5.5 Update-
Microsoft ≫ Exchange Server Version5.5 Updatesp1
Microsoft ≫ Exchange Server Version5.5 Updatesp2
Microsoft ≫ Exchange Server Version5.5 Updatesp3
Microsoft ≫ Exchange Server Version5.5 Updatesp4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20.26% | 0.971 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ326322
http://www.iss.net/security_center/static/9658.php
http://www.securityfocus.com/bid/5306
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-037