CVE-2002-1142

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
http://www.cert.org/advisories/CA-2002-33.html	Third Party Advisory US Government Resource
http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
http://www.kb.cert.org/vuls/id/542081	US Government Resource
http://www.securityfocus.com/bid/6214
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065
https://exchange.xforce.ibmcloud.com/vulnerabilities/10659
https://exchange.xforce.ibmcloud.com/vulnerabilities/10669
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:data_access_components:2.1:::::::*
	cpe:2.3:a:microsoft:data_access_components:2.5:::::::*
	cpe:2.3:a:microsoft:data_access_components:2.6:::::::*
	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

History

23 Jul 2021, 12:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:microsoft:ie:5.0.1:::::::* cpe:2.3:a:microsoft:ie:5.5:sp2:::::: cpe:2.3:a:microsoft:ie:5.5:sp1:::::: cpe:2.3:a:microsoft:ie:5.0.1:sp1:::::: cpe:2.3:a:microsoft:ie:5.0.1:sp2:::::: cpe:2.3:a:microsoft:ie:6.0:::::::* cpe:2.3:a:microsoft:ie:5.5:::::::*	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::* cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:::::: cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:::::: cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:::::: cpe:2.3:a:microsoft:internet_explorer:6.0:::::::* cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:::::: cpe:2.3:a:microsoft:internet_explorer:5.0.1:::::::*

Information

Published : 2002-11-29 05:00

Updated : 2023-12-10 10:17

NVD link : CVE-2002-1142

Mitre link : CVE-2002-1142

CVE.ORG link : CVE-2002-1142

JSON object : View

Products Affected

microsoft

ie
internet_explorer
data_access_components

CWE

NVD-CWE-Other

7.5 /10