CVE-2002-0371 - OpenCVE

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Internet Explorer Isa Server Proxy Server
University Of Minnesota	Gopher

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:internet_explorer:5.0.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*
	cpe:2.3:a:microsoft:isa_server:2000:::::::*
	cpe:2.3:a:microsoft:isa_server:2000:sp1::::::
	cpe:2.3:a:microsoft:proxy_server:2.0:::::::*
	cpe:2.3:a:microsoft:proxy_server:2.0:sp1::::::
	cpe:2.3:a:university_of_minnesota:gopher::::::::

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=102320516707940&w=2
http://marc.info/?l=bugtraq&m=102397955217618&w=2
http://online.securityfocus.com/archive/1/276848
http://www.iss.net/security_center/static/9247.php
http://www.kb.cert.org/vuls/id/440275
http://www.pivx.com/workaround_fail.html
http://www.securityfocus.com/bid/4930
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-027
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A98

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-15T04:00:00

Updated: 2024-08-08T02:49:27.729Z

Reserved: 2002-05-08T00:00:00

Link: CVE-2002-0371

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-07-03T04:00:00.000

Modified: 2021-07-23T12:55:03.667

Link: CVE-2002-0371

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-06-04T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4930", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4930"}, {"name": "ie-gopher-bo(9247)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/9247.php"}, {"name": "20020604 Buffer overflow in MSIE gopher code", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=102320516707940&w=2"}, {"name": "20020613 Microsoft releases critical fix that breaks their own software!", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=102397955217618&w=2"}, {"name": "oval:org.mitre.oval:def:98", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A98"}, {"name": "VU#440275", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/440275"}, {"name": "MS02-027", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-027"}, {"name": "20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/276848"}, {"tags": ["x_refsource_MISC"], "url": "http://www.pivx.com/workaround_fail.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0371", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4930", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4930"}, {"name": "ie-gopher-bo(9247)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9247.php"}, {"name": "20020604 Buffer overflow in MSIE gopher code", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=102320516707940&w=2"}, {"name": "20020613 Microsoft releases critical fix that breaks their own software!", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=102397955217618&w=2"}, {"name": "oval:org.mitre.oval:def:98", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A98"}, {"name": "VU#440275", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/440275"}, {"name": "MS02-027", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-027"}, {"name": "20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/276848"}, {"name": "http://www.pivx.com/workaround_fail.html", "refsource": "MISC", "url": "http://www.pivx.com/workaround_fail.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:49:27.729Z"}, "title": "CVE Program Container", "references": [{"name": "4930", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4930"}, {"name": "ie-gopher-bo(9247)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/9247.php"}, {"name": "20020604 Buffer overflow in MSIE gopher code", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=102320516707940&w=2"}, {"name": "20020613 Microsoft releases critical fix that breaks their own software!", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=102397955217618&w=2"}, {"name": "oval:org.mitre.oval:def:98", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A98"}, {"name": "VU#440275", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/440275"}, {"name": "MS02-027", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-027"}, {"name": "20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://online.securityfocus.com/archive/1/276848"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.pivx.com/workaround_fail.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0371", "datePublished": "2002-06-15T04:00:00", "dateReserved": "2002-05-08T00:00:00", "dateUpdated": "2024-08-08T02:49:27.729Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*", "matchCriteriaId": "80744BD9-85A9-4E33-8C35-59C8C112AC62", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*", "matchCriteriaId": "7F2A1D83-7D2F-4408-B93E-FB53F724EB58", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F7BF233-8DE6-4DC4-B9ED-5D4A180DD8B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "CE48AD5F-D719-4D39-ACE1-53D0FE5F6525", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_minnesota:gopher:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DBBE0F3-7BBC-4FE8-BA0E-B1AC27B224F6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el cliente gopher de Microsoft Internet Explorer 5.1 a la 6.0, Proxy Server 2.0, o ISA Server 2000 permite a atacantes remotos la ejecuci\u00f3n de c\u00f3digo arbitrario mediante una URL gopher:// que redirige al usuario a un servidor gopher real o simulado que env\u00eda una respuesta larga."}], "id": "CVE-2002-0371", "lastModified": "2021-07-23T12:55:03.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-07-03T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=102320516707940&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=102397955217618&w=2"}, {"source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/276848"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/9247.php"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/440275"}, {"source": "cve@mitre.org", "url": "http://www.pivx.com/workaround_fail.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4930"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-027"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A98"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}