CVE-2002-0622
Summary
| CVE | CVE-2002-0622 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-07-03 04:00:00 UTC |
| Updated | 2018-10-12 21:31:00 UTC |
| Description | The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution". |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Commerce Server | 2000 | All | All | All |
| Application | Microsoft | Commerce Server | 2000 | sp1 | All | All |
| Application | Microsoft | Commerce Server | 2000 | sp2 | All | All |
| Application | Microsoft | Commerce Server | 2000 | All | All | All |
| Application | Microsoft | Commerce Server | 2000 | sp1 | All | All |
| Application | Microsoft | Commerce Server | 2000 | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ISS X-Force Database: mscs-owc-installer-permissions (9425): Microsoft Commerce Server OWC package installer folder permissions could allow remote command execution | XF | www.iss.net | |
| Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability | BID | www.securityfocus.com | |
| Microsoft Security Bulletin MS02-033 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| 5170 | OSVDB | www.osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.