Lucene search

[email protected]CVE-2002-0823

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0823

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0823

buffer overflow

winhlp32.exe

remote code execution

html

activex control

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.183 Low

EPSS

Percentile

96.2%

JSON

Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.

Affected configurations

NVD

Node

microsoftwindows_help

Node

microsoftwindows_2000sp1

microsoftwindows_2000sp2

CPENameOperatorVersion
microsoft:windows_helpmicrosoft windows helpeq*

CPE	Name	Operator	Version
microsoft:windows_help	microsoft windows help	eq	*

References

marc.info/?l=bugtraq&m=102822806329440&w=2

support.microsoft.com/default.aspx?scid=kb%3Ben-us%3Bq293338

www.iss.net/security_center/static/9746.php

www.osvdb.org/2991

www.securityfocus.com/bid/4857

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.183 Low

EPSS

Percentile

96.2%

JSON

Related for CVE-2002-0823

checkpoint_advisories1 cvelist1 nvd1