Vulnerability Name:

CVE-2002-0692 (CCN-10194)

Assigned:2002-09-25
Published:2002-09-25
Updated:2019-04-30
Summary:Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Full-Disclosure Mailing List, Fri Sep 27 2002 - 08:07:51 CDT
Buffer Overrun in SmartHTML Interpreter Could Allow Code Executio n (Q324096)

Source: MITRE
Type: CNA
CVE-2002-0692

Source: XF
Type: UNKNOWN
fpse-smarthtml-interpreter-dos(10194)

Source: XF
Type: Vendor Advisory
fpse-smarthtml-interpreter-bo(10195)

Source: CCN
Type: US-CERT VU#723537
Microsoft SmartHTML interpreter (shtml.dll) contains vulnerability

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#723537

Source: CCN
Type: Microsoft Security Bulletin MS02-053
Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)

Source: CCN
Type: Microsoft Security Bulletin MS03-051
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)

Source: BID
Type: UNKNOWN
5804

Source: CCN
Type: BID-5804
Microsoft FrontPage Server Extensions SmartHTML Buffer Overflow Vulnerability

Source: MS
Type: UNKNOWN
MS02-053

Source: XF
Type: UNKNOWN
fpse-smarthtml-interpreter-dos(10194)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:frontpage_server_extensions:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:frontpage_server_extensions:2000:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2002-0692 (CCN-10195)

    Assigned:2002-09-25
    Published:2002-09-25
    Updated:2019-04-30
    Summary:Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Full-Disclosure Mailing List, Fri Sep 27 2002 - 08:07:51 CDT
    Buffer Overrun in SmartHTML Interpreter Could Allow Code Executio n (Q324096)

    Source: MITRE
    Type: CNA
    CVE-2002-0692

    Source: CCN
    Type: CIAC Information Bulletin M-129
    Microsoft FrontPage SmartHTML Interpreter Vulnerability

    Source: CCN
    Type: US-CERT VU#723537
    Microsoft SmartHTML interpreter (shtml.dll) contains vulnerability

    Source: CCN
    Type: Microsoft Security Bulletin MS02-053
    Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)

    Source: CCN
    Type: Microsoft Security Bulletin MS03-051
    Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)

    Source: CCN
    Type: Microsoft Security Bulletin MS06-017
    Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)

    Source: CCN
    Type: BID-5804
    Microsoft FrontPage Server Extensions SmartHTML Buffer Overflow Vulnerability

    Source: XF
    Type: UNKNOWN
    fpse-smarthtml-interpreter-bo(10195)

    Source: CCN
    Type: Microsoft Knowledge Base Article 324096
    MS02-053: Request to SmartHTML Interpreter May Monopolize Web Server CPU Resources

    Source: CCN
    Type: Microsoft Knowledge Base Article 329085
    FP2000: FrontPage 2000 Server Extensions Security Update: September 25, 2002

    Source: CCN
    Type: Microsoft Knowledge Base Article 329086
    FP2002: FrontPage 2002 Server Extensions Security Update: September 25, 2002

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft frontpage server extensions 2000
    microsoft frontpage server extensions 2002
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft frontpage server extensions 2000
    microsoft frontpage server extensions 2002