CVE-2002-0049

Current Description

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.

Basic Data

PublishedMarch 08, 2002
Last ModifiedOctober 12, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score6.4
SeverityMEDIUM
Exploitability Score10.0
Impact Score4.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMicrosoftExchange Server2000*******

Vulnerable Software List

VendorProductVersions
Microsoft Exchange Server 2000

References

NameSourceURLTags
2042http://www.osvdb.org/2042OSVDB
4053http://www.securityfocus.com/bid/4053BIDPatch Vendor Advisory
MS02-003https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003MS
exchange-attendant-incorrect-permissions(8092)https://exchange.xforce.ibmcloud.com/vulnerabilities/8092XF
oval:org.mitre.oval:def:1022https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022OVAL