CVE-2002-2361

The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html
http://www.iss.net/security_center/static/9984.php
http://www.securityfocus.com/bid/5579
http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html
http://www.iss.net/security_center/static/9984.php
http://www.securityfocus.com/bid/5579

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:yahoo:messenger:4.0:::::::*
	cpe:2.3:a:yahoo:messenger:5.0:::::::*
	cpe:2.3:a:yahoo:messenger:5.5:::::::*

History

20 Nov 2024, 23:43

Type	Values Removed	Values Added
References	~~() http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html -~~	() http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html -
References	~~() http://www.iss.net/security_center/static/9984.php -~~	() http://www.iss.net/security_center/static/9984.php -
References	~~() http://www.securityfocus.com/bid/5579 -~~	() http://www.securityfocus.com/bid/5579 -

Information

Published : 2002-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2002-2361

Mitre link : CVE-2002-2361

CVE.ORG link : CVE-2002-2361

JSON object : View

Products Affected

yahoo

messenger

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2002-2361", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/9984.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5579", "source": "cve@mitre.org"}, {"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/9984.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/5579", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5FAAEB-793F-405B-A8D9-872FCEEBFB55"}, {"criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C"}, {"criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.8 /10