CVE-2002-0152 - Vulnerability Details - OpenCVE

Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Entourage Excel Ie Office Outlook Express Powerpoint

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:entourage:2001::macos:::::
	cpe:2.3:a:microsoft:entourage:v._x::macos:::::
	cpe:2.3:a:microsoft:excel:2001::mac_os_x:::::
	cpe:2.3:a:microsoft:excel:x::mac_os_x:::::
	cpe:2.3:a:microsoft:ie:5.1::mac_os:::::
	cpe:2.3:a:microsoft:office:2001::macos:::::
	cpe:2.3:a:microsoft:office:2001:sr1:mac_os:::::*
	cpe:2.3:a:microsoft:office:v.x::mac:::::
	cpe:2.3:a:microsoft:outlook_express:5.0::macos:::::
	cpe:2.3:a:microsoft:outlook_express:5.0.1::macos:::::
	cpe:2.3:a:microsoft:outlook_express:5.0.2::macos:::::
	cpe:2.3:a:microsoft:outlook_express:5.0.3::macos:::::
	cpe:2.3:a:microsoft:powerpoint:98::macos:::::
	cpe:2.3:a:microsoft:powerpoint:2001::macos:::::
	cpe:2.3:a:microsoft:powerpoint:v.x::macos:::::

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=101897994314015&w=2
http://www.iss.net/security_center/static/8850.php
http://www.osvdb.org/5357
http://www.securityfocus.com/bid/4517
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-25T04:00:00

Updated: 2024-08-08T02:42:27.609Z

Reserved: 2002-03-19T00:00:00

Link: CVE-2002-0152

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-04-22T04:00:00.000

Modified: 2024-11-20T23:38:26.087

Link: CVE-2002-0152

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-06-16T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20020416 w00w00 on Microsoft IE/Office for Mac OS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=101897994314015&w=2"}, {"name": "MS02-019", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"}, {"name": "5357", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/5357"}, {"name": "4517", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4517"}, {"name": "ms-mac-html-file-bo(8850)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8850.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0152", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20020416 w00w00 on Microsoft IE/Office for Mac OS", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=101897994314015&w=2"}, {"name": "MS02-019", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"}, {"name": "5357", "refsource": "OSVDB", "url": "http://www.osvdb.org/5357"}, {"name": "4517", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4517"}, {"name": "ms-mac-html-file-bo(8850)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8850.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:42:27.609Z"}, "title": "CVE Program Container", "references": [{"name": "20020416 w00w00 on Microsoft IE/Office for Mac OS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=101897994314015&w=2"}, {"name": "MS02-019", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"}, {"name": "5357", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/5357"}, {"name": "4517", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4517"}, {"name": "ms-mac-html-file-bo(8850)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/8850.php"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0152", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-03-19T00:00:00", "dateUpdated": "2024-08-08T02:42:27.609Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:entourage:2001:*:macos:*:*:*:*:*", "matchCriteriaId": "CB669A95-12A3-4AD4-8949-F77117F22E15", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:entourage:v._x:*:macos:*:*:*:*:*", "matchCriteriaId": "35885642-BB7D-4DEF-A340-387E57FBBDB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2001:*:mac_os_x:*:*:*:*:*", "matchCriteriaId": "8BC60CAC-F011-42FA-A3D1-1EA5A2410EF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:x:*:mac_os_x:*:*:*:*:*", "matchCriteriaId": "DA71E158-6D0A-4BEF-8471-FE5C864E7073", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2001:*:macos:*:*:*:*:*", "matchCriteriaId": "1C8FF0C2-39E8-4F73-958B-2BB195C5B559", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2001:sr1:mac_os:*:*:*:*:*", "matchCriteriaId": "68257FB3-3280-4299-A96B-613F60D797C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*", "matchCriteriaId": "1A57804E-CD79-4431-AA97-0F85C2CE20C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0:*:macos:*:*:*:*:*", "matchCriteriaId": "0C607D22-B01D-4404-9657-0D322CE59B0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.1:*:macos:*:*:*:*:*", "matchCriteriaId": "A47283EA-513A-4EDC-BADA-659AFA28EA38", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.2:*:macos:*:*:*:*:*", "matchCriteriaId": "EBA048BD-04A9-4BB9-9F3C-60FB1BE1D2BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.3:*:macos:*:*:*:*:*", "matchCriteriaId": "FB6349F9-6C93-48A1-92F6-18BF1D286DF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:98:*:macos:*:*:*:*:*", "matchCriteriaId": "41CB2081-C1DB-4DB6-87AC-E6A8BCABDB5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2001:*:macos:*:*:*:*:*", "matchCriteriaId": "0602ABD8-0A65-47D5-9D04-6FD1A2F39B9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:v.x:*:macos:*:*:*:*:*", "matchCriteriaId": "DA57624A-D658-42D9-A197-1C8A7ED6ACF2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh."}, {"lang": "es", "value": "Desbordamiento de buffer en varias aplicaciones de Microsoft para Macintosht permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo arbitrario invocando la directiva file:// con un n\u00famero grande de caracteres /. Afecta a Internet Explorer 5.1, Outlook Express 5.0 a 5.0.2, Entourage v. X y 2001, PowerPoint v.X, 2001 y 98, y Excel V.X y 2001 para Macintosh."}], "id": "CVE-2002-0152", "lastModified": "2024-11-20T23:38:26.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-04-22T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=101897994314015&w=2"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8850.php"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/5357"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4517"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=101897994314015&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/8850.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/5357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4517"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}