CVE-2001-1099

The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/212724	Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/archive/1/213762	Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/3305	Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7093	VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:symantec:norton_antivirus:2.5:*:*:*:*:*:*:*

OR	cpe:2.3:a:microsoft:exchange_server:2000:-::::::
	cpe:2.3:a:microsoft:exchange_server:2000:sp1::::::

Information

Published : 2001-09-06 21:00

Updated : 2020-04-02 05:51

NVD link : CVE-2001-1099

Mitre link : CVE-2001-1099

JSON object : View

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

Advertisement

Products Affected

symantec

norton_antivirus

microsoft

exchange_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/212724", "name": "20010907 Microsoft Exchange + Norton AntiVirus leak local information", "tags": ["Third Party Advisory", "VDB Entry", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/213762", "name": "20010912 Re: Microsoft Exchange + Norton AntiVirus leak local information", "tags": ["Third Party Advisory", "VDB Entry", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/3305", "name": "3305", "tags": ["Third Party Advisory", "VDB Entry", "Vendor Advisory"], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7093", "name": "nav-exchange-reveal-information(7093)", "tags": ["VDB Entry"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-434"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-1099", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2001-09-07T04:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-04-02T12:51Z"}