Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0371

4 documents4 sources

Severity

7.5HIGH

EPSS

60.2%

top 1.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer Microsoft ISA Server Microsoft Proxy Server

Timeline

PublishedJul 3

Latest updateApr 30

Description

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmicrosoft/proxy_server2.0

▶NVDmicrosoft/isa_server2000

▶NVDmicrosoft/internet_explorer5.0.1, 5.5, 6.0+2

🔴Vulnerability Details

GHSA

GHSA-8j2q-vv7q-mp98: Buffer overflow in gopher client for Microsoft Internet Explorer 5↗2022-04-30

▶

CVEList

CVE-2002-0371: Buffer overflow in gopher client for Microsoft Internet Explorer 5↗2002-06-15

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 5/6 / Microsoft ISA Server 2000 / Microsoft Proxy Server 2.0 Gopher Client - Remote Buffer Overflow↗2002-07-27

▶