Vulnerability Name:

CVE-2002-0622 (CCN-9425)

Assigned:2002-06-26
Published:2002-06-26
Updated:2018-10-12
Summary:The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: NGSSoftware Insight Security Research Advisory #NISR03062002
Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2

Source: MITRE
Type: CNA
CVE-2002-0622

Source: XF
Type: UNKNOWN
mscs-owc-installer-permissions(9425)

Source: CCN
Type: Microsoft Security Bulletin MS02-033
Unchecked Buffer in Profile Service Could Allow Code Execution in Commerce Server (Q322273)

Source: OSVDB
Type: UNKNOWN
5170

Source: CCN
Type: OSVDB ID: 5170
Microsoft Commerce Server OWC Installer Arbitrary Command Execution

Source: BID
Type: UNKNOWN
5111

Source: CCN
Type: BID-5111
Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability

Source: MS
Type: UNKNOWN
MS02-033

Source: XF
Type: UNKNOWN
mscs-owc-installer-permissions(9425)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:commerce_server:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:commerce_server:2000:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:commerce_server:2000:sp2:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:commerce_server:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:commerce_server:2002:*:*:*:*:*:*:*
  • AND
  • cpe:/a:microsoft:internet_information_server:5.0:*:*:*:far_east:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft commerce server 2000
    microsoft commerce server 2000 sp1
    microsoft commerce server 2000 sp2
    microsoft commerce server 2000
    microsoft commerce server 2002
    microsoft internet information server 5.0