CVE-2002-0049

Severity CVSS v4.0:

Pending analysis

Type:

CWE-269 Improper Privilege Management

Publication date:

08/03/2002

Last modified:

03/04/2025

Description

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:P/I:P/A:N CVSS v2.0 Severity and Metrics:

Base Score: 6.40 MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): None

Base Score 2.0

6.40

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:microsoft:exchange_server:2000:-::::::

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://www.osvdb.org/2042
http://www.securityfocus.com/bid/4053
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003
https://exchange.xforce.ibmcloud.com/vulnerabilities/8092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022
http://www.osvdb.org/2042
http://www.securityfocus.com/bid/4053
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003
https://exchange.xforce.ibmcloud.com/vulnerabilities/8092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022