Vulnerabilities > CVE-2002-0022 - Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Oval
| accepted | 2016-02-19T10:00:00.000-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. | ||||||||||||||||||||
| family | windows | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:925 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2004-04-29T04:00:00.000-04:00 | ||||||||||||||||||||
| title | MS IE HTML Directive Buffer Overflow | ||||||||||||||||||||
| version | 70 |
References
- http://www.cert.org/advisories/CA-2002-04.html
- http://www.iss.net/security_center/static/8116.php
- http://online.securityfocus.com/archive/1/258614
- http://www.securityfocus.com/bid/4080
- http://marc.info/?l=bugtraq&m=101362984930597&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A925
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005