CVE-2002-0338

The Bat! 1.53d and 1.54beta - Denial of Service via MS-DOS Device Name in Attachment

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0338. PoCs published by 3APA3A.

AI-analyzed exploit summary This exploit demonstrates a denial of service (DoS) vulnerability in The Bat! email client by sending an email with an attachment named after a MS-DOS device (e.g., lpt1). The vulnerability triggers when the client is configured to save attachments separately.

Description

The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name.

Exploits (1)

exploitdb WORKING POC VERIFIED

by 3APA3A · textdoswindows

https://www.exploit-db.com/exploits/21307

View Code ZIP pw:eip

This exploit demonstrates a denial of service (DoS) vulnerability in The Bat! email client by sending an email with an attachment named after a MS-DOS device (e.g., lpt1). The vulnerability triggers when the client is configured to save attachments separately.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: The Bat! version 1.53d

No auth needed

Prerequisites: The Bat! configured to save attachments separately · Ability to send an email to the target

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/8303.php

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4187

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=101483832026841&w=2

Scores

EPSS 0.0328

EPSS Percentile 86.8%

Details

Status published

Products (2)

ritlabs/the_bat 1.53d

ritlabs/the_bat 1.54d

Published Jun 25, 2002

Tracked Since Feb 18, 2026