Details of VAR-200212-0445

ID

VAR-200212-0445

CVE

CVE-2002-1774

TITLE

Symantec Norton AntiVirus NULL Character handling improper mail protection can bypass the vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-807

DESCRIPTION

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed. Upon receiving an email message crafted as such, Norton AntiVirus 2002 fails to detect the virus. As a result email messages with malicious content (ie: viruses, trojans etc.) will go undetected and could possibly run on the recipients system

Trust: 1.26

sources: NVD: CVE-2002-1774 // BID: 4242 // VULHUB: VHN-6157

AFFECTED PRODUCTS

vendor:	symantec	model:	norton antivirus	scope:	eq	version:	2002	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	20020	Trust: 0.3

sources: BID: 4242 // CNNVD: CNNVD-200212-807 // NVD: CVE-2002-1774

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1774
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200212-807
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6157
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1774
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6157
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6157 // CNNVD: CNNVD-200212-807 // NVD: CVE-2002-1774

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1774

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-807

TYPE

Design Error

Trust: 0.9

sources: BID: 4242 // CNNVD: CNNVD-200212-807

EXTERNAL IDS

db:	BID	id:	4242	Trust: 2.0
db:	NVD	id:	CVE-2002-1774	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-807	Trust: 0.7
db:	NSFOCUS	id:	2366	Trust: 0.6
db:	XF	id:	8389	Trust: 0.6
db:	VULHUB	id:	VHN-6157	Trust: 0.1

sources: VULHUB: VHN-6157 // BID: 4242 // CNNVD: CNNVD-200212-807 // NVD: CVE-2002-1774

REFERENCES

url:	http://www.securityfocus.com/bid/4242	Trust: 2.7
url:	http://online.securityfocus.com/archive/1/260271	Trust: 2.1
url:	http://online.securityfocus.com/archive/1/260678	Trust: 2.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/8389	Trust: 2.1
url:	http://xforce.iss.net/xforce/xfdb/8389	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/2366	Trust: 0.6
url:	http://www.symantec.com/nav/nav_9xnt/	Trust: 0.3
url:	http://www.symantec.com	Trust: 0.3

sources: VULHUB: VHN-6157 // BID: 4242 // CNNVD: CNNVD-200212-807 // NVD: CVE-2002-1774

CREDITS

Edvice Security Services※ support@edvicesecurity.com

Trust: 0.6

sources: CNNVD: CNNVD-200212-807

SOURCES

db:	VULHUB	id:	VHN-6157
db:	BID	id:	4242
db:	CNNVD	id:	CNNVD-200212-807
db:	NVD	id:	CVE-2002-1774

LAST UPDATE DATE

2024-11-22T22:57:14.686000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6157	date:	2017-07-11T00:00:00
db:	BID	id:	4242	date:	2002-03-07T00:00:00
db:	CNNVD	id:	CNNVD-200212-807	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1774	date:	2024-11-20T23:42:05.690

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6157	date:	2002-12-31T00:00:00
db:	BID	id:	4242	date:	2002-03-07T00:00:00
db:	CNNVD	id:	CNNVD-200212-807	date:	2002-03-07T00:00:00
db:	NVD	id:	CVE-2002-1774	date:	2002-12-31T05:00:00