CVE-2001-1099

The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/212724	Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/archive/1/213762	Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/3305	Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7093	VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:symantec:norton_antivirus:2.5:*:*:*:*:*:*:*

OR	cpe:2.3:a:microsoft:exchange_server:2000:-::::::
	cpe:2.3:a:microsoft:exchange_server:2000:sp1::::::

History

No history.

Information

Published : 2001-09-07 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2001-1099

Mitre link : CVE-2001-1099

CVE.ORG link : CVE-2001-1099

JSON object : View

Products Affected

symantec

norton_antivirus

microsoft

exchange_server

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2001-1099", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-09-07T04:00:00.000", "references": [{"url": "http://www.securityfocus.com/archive/1/212724", "tags": ["Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/213762", "tags": ["Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3305", "tags": ["Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7093", "tags": ["VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice."}], "lastModified": "2020-04-02T12:51:15.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:norton_antivirus:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FC60140-2135-4E25-BC27-049E819616F5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF429469-1B63-4BF3-A59F-F8180226BB6D"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "34300FD4-EC3B-4206-B6C0-1345F17EC5EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}