Vulnerabilities > CVE-2002-0022 - Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft

Summary

Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Oval

accepted2016-02-19T10:00:00.000-04:00
classvulnerability
contributors
  • nameTiffany Bergeron
    organizationThe MITRE Corporation
  • nameHarvey Rubinovitz
    organizationThe MITRE Corporation
  • nameChristine Walzer
    organizationThe MITRE Corporation
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
commentMicrosoft Internet Explorer 6 is installed
ovaloval:org.mitre.oval:def:563
descriptionBuffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
familywindows
idoval:org.mitre.oval:def:925
statusaccepted
submitted2004-04-29T04:00:00.000-04:00
titleMS IE HTML Directive Buffer Overflow
version70