| Vulnerability Name: | CVE-2002-0620 (CCN-9423) | ||||||||
| Assigned: | 2002-06-26 | ||||||||
| Published: | 2002-06-26 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR03062002 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 Source: MITRE Type: CNA CVE-2002-0620 Source: CCN Type: Microsoft Security Bulletin MS02-033 Unchecked Buffer in Profile Service Could Allow Code Execution in Commerce Server (Q322273) Source: CCN Type: OSVDB ID: 14430 Microsoft Commerce Server 2000 Profile Service Affected API Overflow Source: BID Type: UNKNOWN 4853 Source: CCN Type: BID-4853 Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability Source: MS Type: UNKNOWN MS02-033 Source: XF Type: UNKNOWN mscs-profile-service-bo(9423) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||