Lucene search

[email protected]CVE-2002-0228

HistoryMay 16, 2002 - 4:00 a.m.

CVE-2002-0228

2002-05-1604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

microsoft

msn messenger

javascript

activex

sensitive info

remote attack

cve-2002-0228

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.9%

JSON

Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).

CPENameOperatorVersion
microsoft:msn_messengermicrosoft msn messengereq4.6
microsoft:msn_messengermicrosoft msn messengereq2.2
microsoft:msn_messengermicrosoft msn messengereq4.0
microsoft:msn_messengermicrosoft msn messengereq4.5
microsoft:msn_messengermicrosoft msn messengereq3.0

CPE	Name	Operator	Version
microsoft:msn_messenger	microsoft msn messenger	eq	4.6
microsoft:msn_messenger	microsoft msn messenger	eq	2.2
microsoft:msn_messenger	microsoft msn messenger	eq	4.0
microsoft:msn_messenger	microsoft msn messenger	eq	4.5
microsoft:msn_messenger	microsoft msn messenger	eq	3.0

References

online.securityfocus.com/archive/1/254021

www.iss.net/security_center/static/8084.php

www.securityfocus.com/bid/4028

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CVE-2002-0228

openvas2