Lucene search

[email protected]NVD:CVE-2002-2361

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-2361

2002-12-3105:00:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

73.4%

JSON

The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.

Affected configurations

Nvd

Node

yahoomessengerMatch4.0

yahoomessengerMatch5.0

yahoomessengerMatch5.5

VendorProductVersionCPE
yahoomessenger4.0cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*
yahoomessenger5.0cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*
yahoomessenger5.5cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yahoo	messenger	4.0	cpe:2.3:a:yahoo:messenger:4.0:::::::*
yahoo	messenger	5.0	cpe:2.3:a:yahoo:messenger:5.0:::::::*
yahoo	messenger	5.5	cpe:2.3:a:yahoo:messenger:5.5:::::::*

References

cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html

www.iss.net/security_center/static/9984.php

www.securityfocus.com/bid/5579

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

73.4%

JSON

Related for NVD:CVE-2002-2361

cvelist1 cve1