Vulnerability Description
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 2000 |
Related Weaknesses (CWE)
References
- http://www.osvdb.org/2042Broken Link
- http://www.securityfocus.com/bid/4053PatchThird Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-00PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8092Third Party AdvisoryVDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- http://www.osvdb.org/2042Broken Link
- http://www.securityfocus.com/bid/4053PatchThird Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-00PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8092Third Party AdvisoryVDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
FAQ
What is CVE-2002-0049?
CVE-2002-0049 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
How severe is CVE-2002-0049?
CVE-2002-0049 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0049?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server.