Vulnerability Details : CVE-2001-1099
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
Exploit prediction scoring system (EPSS) score for CVE-2001-1099
Probability of exploitation activity in the next 30 days: 0.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 43 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2001-1099
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2001-1099
-
The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2001-1099
-
http://www.securityfocus.com/bid/3305
Third Party Advisory;VDB Entry;Vendor Advisory
-
http://www.securityfocus.com/archive/1/213762
Third Party Advisory;VDB Entry;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/7093
VDB Entry
-
http://www.securityfocus.com/archive/1/212724
Third Party Advisory;VDB Entry;Vendor Advisory
Products affected by CVE-2001-1099
- cpe:2.3:a:symantec:norton_antivirus:2.5:*:*:*:*:*:*:*