Unrated severityNVD Advisory· Published Mar 8, 2002· Updated Apr 16, 2026

CVE-2002-0054

Description

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

Affected products

Microsoft/Exchange Server5 versions
cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*
Microsoft/Windows 20003 versions
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/4205nvdPatchThird Party AdvisoryVDB Entry
docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011nvdPatchVendor Advisory
marc.infonvdMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000