CVE-2002-0285 : Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriag

Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.

Published 2002-05-31 04:00:00

Updated 2016-10-18 02:18:21

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2002-0285

Probability of exploitation activity in the next 30 days: 1.84%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-0285

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2002-0285

Products affected by CVE-2002-0285

Microsoft » Outlook Express » Version: 5.5
cpe:2.3:a:microsoft:outlook_express:5.5:*:*:*:*:*:*:*
Matching versions
Microsoft » Outlook Express » Version: 6.0
cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-0285

Exploit prediction scoring system (EPSS) score for CVE-2002-0285

CVSS scores for CVE-2002-0285

References for CVE-2002-0285

Products affected by CVE-2002-0285