CVE-2003-0236

Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10	Vendor Advisory
http://www.securityfocus.com/bid/7462	Vendor Advisory
http://www.securityfocus.com/bid/7463	Vendor Advisory
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
http://marc.info/?l=bugtraq&m=105216842131995&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/11939

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mirabilis:icq:2000.0a:::::::*
	cpe:2.3:a:mirabilis:icq:2002a_build3727:::::::*
	cpe:2.3:a:mirabilis:icq:2003a_build3777:::::::*
	cpe:2.3:a:mirabilis:icq:2001b_build3659:::::::*
	cpe:2.3:a:mirabilis:icq:2002a_build3722:::::::*
	cpe:2.3:a:mirabilis:icq:2000.0b_build3278:::::::*
	cpe:2.3:a:mirabilis:icq:2001a:::::::*
	cpe:2.3:a:mirabilis:icq:2003a_build3799:::::::*
	cpe:2.3:a:mirabilis:icq:2003a_build3800:::::::*
	cpe:2.3:a:mirabilis:icq:2001b_build3636:::::::*
	cpe:2.3:a:mirabilis:icq:2001b_build3638:::::::*
	cpe:2.3:a:mirabilis:icq:99a_2.21build1800:::::::*
	cpe:2.3:a:mirabilis:icq:99a_2.15build1701:::::::*

Information

Published : 2003-05-26 21:00

Updated : 2017-07-10 18:29

NVD link : CVE-2003-0236

Mitre link : CVE-2003-0236

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

mirabilis

icq

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "name": "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/7462", "name": "7462", "tags": ["Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/7463", "name": "7463", "tags": ["Vendor Advisory"], "refsource": "BID"}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html", "name": "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "tags": [], "refsource": "VULNWATCH"}, {"url": "http://marc.info/?l=bugtraq&m=105216842131995&w=2", "name": "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11939", "name": "icq-pop3-email-bo(11939)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0236", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2003-05-27T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:29Z"}