CVE-2002-0299 — HIGH (7.6) — White Hats Nepal

Q: What is CVE-2002-0299?

CVE-2002-0299 is a vulnerability with a CVSS score of 7.6 (HIGH). CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan.

Q: How severe is CVE-2002-0299?

CVE-2002-0299 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2002-0299?

Check the references section above for vendor advisories and patch information. Affected products include: Cnet Catchup.

Vulnerability Description

CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan.

CVSS Score

7.6

HIGH

AV:N/AC:H/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cnet	Catchup	<= 1.3

References

http://marc.info/?l=bugtraq&m=101438631921749&w=2
http://www.iss.net/security_center/static/8035.php
http://www.securityfocus.com/bid/3975
http://marc.info/?l=bugtraq&m=101438631921749&w=2
http://www.iss.net/security_center/static/8035.php
http://www.securityfocus.com/bid/3975

FAQ

What is CVE-2002-0299?

CVE-2002-0299 is a vulnerability with a CVSS score of 7.6 (HIGH). CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan.

How severe is CVE-2002-0299?

CVE-2002-0299 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-0299?

Check the references section above for vendor advisories and patch information. Affected products include: Cnet Catchup.