Vulnerability Name: | CVE-2002-0622 (CCN-9425) | ||||||||
Assigned: | 2002-06-26 | ||||||||
Published: | 2002-06-26 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution". | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR03062002 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 Source: MITRE Type: CNA CVE-2002-0622 Source: XF Type: UNKNOWN mscs-owc-installer-permissions(9425) Source: CCN Type: Microsoft Security Bulletin MS02-033 Unchecked Buffer in Profile Service Could Allow Code Execution in Commerce Server (Q322273) Source: OSVDB Type: UNKNOWN 5170 Source: CCN Type: OSVDB ID: 5170 Microsoft Commerce Server OWC Installer Arbitrary Command Execution Source: BID Type: UNKNOWN 5111 Source: CCN Type: BID-5111 Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability Source: MS Type: UNKNOWN MS02-033 Source: XF Type: UNKNOWN mscs-owc-installer-permissions(9425) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |