Buffer Overflow in cgiemail by CGI-Email Software
CVE-2002-1652

Currently unrated

Key Information:

Vendor

Mit

Status
Cgiemail
Vendor
CVE Published:
31 December 2002

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 43%

What is CVE-2002-1652?

A buffer overflow vulnerability exists in the cgiemail 1.6 application, specifically in the cgicso.c file. This flaw allows remote attackers to exploit the application through specially crafted query parameters that exceed the buffer capacity. Consequently, this may crash the application, resulting in a denial of service, and could potentially allow attackers to execute arbitrary code on the affected system, posing significant security risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2002-1652 - Proof of Concept

References

http://www.securityfocus.com/bid/6141
vdb-entryx_refsource_BID
http://www.kb.cert.org/vuls/id/185251
third-party-advisoryx_refsource_CERT-VN
http://www.securiteam.com/exploits/5TP0W005FE.html
x_refsource_MISC

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

.