CVE-2003-0236

Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
http://marc.info/?l=bugtraq&m=105216842131995&w=2
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10	Vendor Advisory
http://www.securityfocus.com/bid/7462	Vendor Advisory
http://www.securityfocus.com/bid/7463	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11939

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mirabilis:icq:99a_2.15build1701:::::::*
	cpe:2.3:a:mirabilis:icq:99a_2.21build1800:::::::*
	cpe:2.3:a:mirabilis:icq:2000.0a:::::::*
	cpe:2.3:a:mirabilis:icq:2000.0b_build3278:::::::*
	cpe:2.3:a:mirabilis:icq:2001a:::::::*
	cpe:2.3:a:mirabilis:icq:2001b_build3636:::::::*
	cpe:2.3:a:mirabilis:icq:2001b_build3638:::::::*
	cpe:2.3:a:mirabilis:icq:2001b_build3659:::::::*
	cpe:2.3:a:mirabilis:icq:2002a_build3722:::::::*
	cpe:2.3:a:mirabilis:icq:2002a_build3727:::::::*
	cpe:2.3:a:mirabilis:icq:2003a_build3777:::::::*
	cpe:2.3:a:mirabilis:icq:2003a_build3799:::::::*
	cpe:2.3:a:mirabilis:icq:2003a_build3800:::::::*

History

No history.

Information

Published : 2003-05-27 04:00

Updated : 2017-07-11 01:29

NVD link : CVE-2003-0236

Mitre link : CVE-2003-0236

CVE.ORG link : CVE-2003-0236

JSON object : View

Products Affected

mirabilis

icq

CWE

NVD-CWE-Other

{"id": "CVE-2003-0236", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-05-27T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105216842131995&w=2", "source": "cve@mitre.org"}, {"url": "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7462", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7463", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11939", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers."}, {"lang": "es", "value": "Error en las signaturas de enteros en cliente POP3 para Mirabilis ICQ Pro 2003a permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante los encabezamientos \"Subject\" o \"Date\"."}], "lastModified": "2017-07-11T01:29:29.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9CB6B89-E3B1-4096-AF07-C9E74BFCABDC"}, {"criteria": "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7181BF12-E9B6-4F8E-B1D0-3251007389D8"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C7B95B0-8CCB-4561-B354-80925B9769D6"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C1E49E4-1BB4-40BF-AB6F-829ACAEDC581"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BEA5FE1-267D-41B3-AA41-794DA021C4A1"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B10F3133-2D77-4A16-9F16-766EB4B3C5DA"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E03F3686-071C-48E4-ABDD-BF68162CDC20"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC70672D-FE67-42C2-83D2-D1E554BF2C8B"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28ABA292-10F6-447A-9494-CA716B9F47FD"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0228FD42-8E98-472C-9C8A-D8396DF4E30E"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1884958-DBAB-4999-9EBF-96D363FF26D5"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74A65FB3-ECB5-45EF-9B53-9F55E55B2DA0"}, {"criteria": "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F0A9C10-A685-4D02-A9FF-6689441AF598"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}