CVE-2002-0049

Current Description

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.

Basic Data

PublishedMarch 08, 2002
Last ModifiedApril 02, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-269
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score6.4
SeverityMEDIUM
Exploitability Score10.0
Impact Score4.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMicrosoftExchange Server2000-******

Vulnerable Software List

VendorProductVersions
Microsoft Exchange Server 2000

References

NameSourceURLTags
2042http://www.osvdb.org/2042OSVDBBroken Link
4053http://www.securityfocus.com/bid/4053BIDPatch Third Party Advisory VDB Entry
MS02-003https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003MSPatch Vendor Advisory
exchange-attendant-incorrect-permissions(8092)https://exchange.xforce.ibmcloud.com/vulnerabilities/8092XFThird Party Advisory VDB Entry
oval:org.mitre.oval:def:1022https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022OVALThird Party Advisory