Lumension® Endpoint Intelligence Center



Vulnerability Score: 7.5
CVE Id: CVE-2002-0022
Last Modified: 05 Sep 2008 04:26:58
Published: 08 Mar 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.

Vulnerable Systems


  • Microsoft IE 5.5
  • Microsoft IE 6.0


CERT - CA-2002-04

MS - MS02-005

XF - ie-html-directive-bo(8116)

BUGTRAQ - 20020213 dH & SECURITY.NNOV: buffer overflow in mshtml.dll

BID - 4080

BUGTRAQ - 20020227 Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)

Last Updated: 27 May 2016 10:36:44