Vulnerability Details : CVE-2002-0370
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2002-0370
- cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:r5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:r6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:5.0.9a:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_98_plus_pack:*:*:*:*:*:*:*:*
- cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:allume_systems_division:stuffit_expander:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:verity:keyview_viewing_sdk:gold:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-0370
4.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-0370
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2002-0370
-
http://www.iss.net/security_center/static/10251.php
Vendor Advisory
-
http://www.info.apple.com/usen/security/security_updates.html
-
http://www.securityfocus.com/bid/5873
Patch;Vendor Advisory
-
http://securityreason.com/securityalert/587
-
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
-
http://www.kb.cert.org/vuls/id/383779
Third Party Advisory;US Government Resource
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054
-
http://www.info-zip.org/FAQ.html
Info-ZIP Frequently Asked Questions
-
http://marc.info/?l=bugtraq&m=103428193409223&w=2
Jump to