Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0371

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0371
Last Modified 10 Sep 2008 08:01:02
Published 03 Jul 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0371

Summary

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

Vulnerable Systems

Application

  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0

  • Microsoft Isa Server 2000

  • Microsoft Proxy Server 2.0

  • University Of Minnesota Gopher


References

CERT-VN - VU#440275

MS - MS02-027

BUGTRAQ - 20020604 Buffer overflow in MSIE gopher code

BID - 4930

MISC - http://www.pivx.com/workaround_fail.html

XF - ie-gopher-bo(9247)

BUGTRAQ - 20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70

BUGTRAQ - 20020613 Microsoft releases critical fix that breaks their own software!


Last Updated: 27 May 2016 10:36:53