Executive Summary

Informations
Name CVE-2002-0371 First vendor Publication 2002-07-03
Vendor Cve Last vendor Modification 2021-07-23

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0371

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:98
 
Oval ID: oval:org.mitre.oval:def:98
Title: Gopher Client Buffer Overflow
Description: Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
Family: windows Class: vulnerability
Reference(s): CVE-2002-0371
 Version: 3
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 7
Application 2
Application 2
Application 1

OpenVAS Exploits

Date Description
2005-11-03 Name : IE 5.01 5.5 6.0 Cumulative patch (890923)
File : nvt/smb_nt_ms02-005.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
3004 Microsoft IE Gopher Client Overflow

Microsoft Internet Explorer contains a flaw in it's built-in Gopher client. The flaw is due to an exploitable buffer overflow when gopher:// URLs are parsed. An attacker can exploit this bug by creating a malicious HTML page with a crafted gopher:// URL that overflows the buffer and injects shell code.

Nessus® Vulnerability Scanner

Date Description
2003-03-02 Name : The HTTP proxy accepts gopher:// requests.
File : proxy_gopher.nasl - Type : ACT_GATHER_INFO
2002-02-13 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms02-005.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/4930
BUGTRAQ http://marc.info/?l=bugtraq&m=102320516707940&w=2
http://marc.info/?l=bugtraq&m=102397955217618&w=2
http://online.securityfocus.com/archive/1/276848
CERT-VN http://www.kb.cert.org/vuls/id/440275
MISC http://www.pivx.com/workaround_fail.html
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02...
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
XF http://www.iss.net/security_center/static/9247.php

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Date Informations
2021-07-27 00:24:38
  • Multiple Updates
2021-07-24 01:44:16
  • Multiple Updates
2021-07-24 01:01:21
  • Multiple Updates
2021-07-23 17:24:42
  • Multiple Updates
2021-07-23 01:44:04
  • Multiple Updates
2021-07-23 01:01:20
  • Multiple Updates
2021-07-22 21:24:59
  • Multiple Updates
2021-05-04 12:01:39
  • Multiple Updates
2021-04-22 01:01:47
  • Multiple Updates
2020-05-23 00:14:57
  • Multiple Updates
2018-10-13 00:22:25
  • Multiple Updates
2017-10-11 09:23:15
  • Multiple Updates
2016-10-18 12:01:00
  • Multiple Updates
2016-04-26 12:08:28
  • Multiple Updates
2014-02-17 10:24:37
  • Multiple Updates
2013-05-11 12:09:09
  • Multiple Updates