Lucene search

MitreCVE-2002-2361

HistoryOct 29, 2007 - 7:00 p.m.

CVE-2002-2361

2007-10-2919:00:00

CWE-264

mitre

web.nvd.nist.gov

yahoo! messenger

installer

trojan programs

dns spoofing

cve-2002-2361

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.4%

JSON

The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.

Affected configurations

Nvd

Node

yahoomessengerMatch4.0

yahoomessengerMatch5.0

yahoomessengerMatch5.5

VendorProductVersionCPE
yahoomessenger4.0cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*
yahoomessenger5.0cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*
yahoomessenger5.5cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yahoo	messenger	4.0	cpe:2.3:a:yahoo:messenger:4.0:::::::*
yahoo	messenger	5.0	cpe:2.3:a:yahoo:messenger:5.0:::::::*
yahoo	messenger	5.5	cpe:2.3:a:yahoo:messenger:5.5:::::::*

References

cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html

www.iss.net/security_center/static/9984.php

www.securityfocus.com/bid/5579

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.4%

JSON

Related for CVE-2002-2361