CVE-2002-0621

critical

Description

Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033

http://www.securityfocus.com/bid/5108

http://www.osvdb.org/5172

http://www.iss.net/security_center/static/9424.php

Details

Source: Mitre, NVD

Published: 2002-07-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.16667