7.5

CVE-2002-0698

Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExchange Server Version5.5 Update-
MicrosoftExchange Server Version5.5 Updatesp1
MicrosoftExchange Server Version5.5 Updatesp2
MicrosoftExchange Server Version5.5 Updatesp3
MicrosoftExchange Server Version5.5 Updatesp4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.26% 0.971
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759
Broken Link
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ326322
http://www.iss.net/security_center/static/9658.php
Broken Link
http://www.securityfocus.com/bid/5306
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-037
Patch
Vendor Advisory