Vulnerability Description
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Norton Antivirus | 2.5 |
| Microsoft | Exchange Server | 2000 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/212724Third Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/archive/1/213762Third Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/bid/3305Third Party AdvisoryVDB EntryVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7093VDB Entry
- http://www.securityfocus.com/archive/1/212724Third Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/archive/1/213762Third Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/bid/3305Third Party AdvisoryVDB EntryVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7093VDB Entry
FAQ
What is CVE-2001-1099?
CVE-2001-1099 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing mali...
How severe is CVE-2001-1099?
CVE-2001-1099 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1099?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Norton Antivirus, Microsoft Exchange Server.