CVE-2002-0371

Severity

75%

Complexity

99%

Confidentiality

106%

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Microsoft

First reported 22 years ago

2002-07-03 04:00:00

Last updated 6 years ago

2018-10-12 21:31:00

Affected Software

Microsoft Internet Explorer 5.0.1

5.0.1

Microsoft Internet Explorer 5.0.1 SP1

5.0.1

Microsoft Internet Explorer 5.0.1 SP2

5.0.1

Microsoft ie 5.5

5.5

Microsoft Internet Explorer 5.5 SP1

5.5

Microsoft Internet Explorer 5.5 SP2

5.5

Microsoft Internet Explorer 6.0

6.0

Microsoft isa server 2000

2000

Microsoft isa_server 2000 sp1

2000

Microsoft proxy_server 2.0

2.0

References

20020604 Buffer overflow in MSIE gopher code

20020613 Microsoft releases critical fix that breaks their own software!

20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70

ie-gopher-bo(9247)

VU#440275

US Government Resource

http://www.pivx.com/workaround_fail.html

4930

MS02-027

oval:org.mitre.oval:def:98

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.