Description
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.
Product(s):
- Microsoft Windows 2000
- Microsoft Windows 2000 Japanese Server Edition
- Microsoft Windows 2000 Advanced Server Edition
- Microsoft Windows 2000 Datacenter Server Edition
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server Edition
- Microsoft Windows 2000 Beta 3
- Microsoft windows 2000_gold
- Microsoft Windows 2000 Advanced Server (Initial Release)
- Microsoft Windows 2000 Datacenter Server (Initial Release)
- Microsoft Windows 2000 Professional (Initial release)
- Microsoft Windows 2000 Server (Initial release)
- Microsoft windows 2000_rc1
- Microsoft windows 2000_rc2
- Microsoft windows 2000_sp1
- Microsoft Windows 2000 Service Pack 1 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 1 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 1 Professional Edition
- Microsoft Windows 2000 Service Pack 1 Server Edition
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Server SP1
- Microsoft windows 2000_sp2
- Microsoft Windows 2000 Service Pack 2 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 2 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 2 Professional Edition
- Microsoft Windows 2000 Service Pack 2 Server Edition
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server SP2
- Microsoft windows 2000_sp3
- Microsoft Windows 2000 Service Pack 3 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 3 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 3 Professional Edition
- Microsoft Windows 2000 Service Pack 3 Server Edition
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows 2000 Service Pack 4 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 4 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 4 Professional Edition
- Microsoft Windows 2000 Service Pack 4 Server Edition
- Microsoft Windows 2000 Service Pack 4 French
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Server SP4
- Microsoft windows 2000_beta3
- Microsoft Windows 95
- Microsoft windows 95_gold
- Microsoft windows 95_osr2.1
- Microsoft windows 95_osr2.5
- Microsoft windows 95_osr2
- Microsoft windows 95_sp1
- Microsoft Windows 95 SR2
- Microsoft Windows 98 Gold
- Microsoft windows 98_gold
- Microsoft Windows 98SE
- Microsoft windows 98_se
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 Embedded Edition x64
- Microsoft Windows NT 4.0 Embedded Edition x86
- Microsoft Windows NT 4.0 Enterprise Edition x64
- Microsoft Windows NT 4.0 Enterprise Edition x86
- Microsoft Windows NT 4.0 Server Edition x64
- Microsoft Windows NT 4.0 Server Edition x86
- Microsoft Windows NT 4.0 Terminal Server Edition x64
- Microsoft Windows NT 4.0 Terminal Server Edition x86
- Microsoft Windows NT 4.0 Workstation Edition x64
- Microsoft Windows NT 4.0 Workstation Edition x86
- Microsoft Windows 4.0 gold
- Microsoft Windows 4.0 gold embedded
- Microsoft Windows 4.0 gold enterprise
- Microsoft Windows 4.0 gold server
- Microsoft Windows NT 4.0 Terminal Server Edition (Initial release)
- Microsoft Windows 4.0 gold workstation
- Microsoft Windows 4.0 sp1
- Microsoft Windows NT 4.0 Service Pack 1 Embedded Edition x64
- Microsoft Windows NT 4.0 Service Pack 1 Embedded Edition x86
- Microsoft Windows NT 4.0 Service Pack 1 Enterprise Edition x64
- Microsoft Windows NT 4.0 Service Pack 1 Enterprise Edition x86
- Microsoft Windows NT 4.0 Service Pack 1 Server Edition x64
- Microsoft Windows NT 4.0 Service Pack 1 Server Edition x86
- Microsoft Windows NT 4.0 Service Pack 1 Terminal Server Edition x64
- Microsoft Windows NT 4.0 Service Pack 1 Terminal Server Edition x86
- Microsoft Windows NT 4.0 Service Pack 1 Workstation Edition x64
- Microsoft Windows NT 4.0 Service Pack 1 Workstation Edition x86
- Microsoft Windows 4.0 sp1 embedded
- Microsoft Windows 4.0 sp1 enterprise
- Microsoft Windows 4.0 sp1 server
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows 4.0 sp1 workstation
- Microsoft Windows 4.0 sp2
- Microsoft Windows NT 4.0 Service Pack 2 Embedded Edition x64
- +112 additional
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2002-0053, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0053 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.
References:
- http://webappsec.pbworks.com/Buffer-Overflow
- https://capec.mitre.org/data/definitions/10.html
- https://capec.mitre.org/data/definitions/100.html
- https://capec.mitre.org/data/definitions/123.html
- https://capec.mitre.org/data/definitions/14.html
- https://capec.mitre.org/data/definitions/24.html
- https://capec.mitre.org/data/definitions/42.html
- https://capec.mitre.org/data/definitions/44.html
- https://capec.mitre.org/data/definitions/45.html
- https://capec.mitre.org/data/definitions/46.html
- https://capec.mitre.org/data/definitions/47.html
- https://capec.mitre.org/data/definitions/8.html
- https://capec.mitre.org/data/definitions/9.html
- https://nvd.nist.gov/vuln/detail/CVE-2002-0053