Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0228

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0228
Last Modified 10 Sep 2008 08:00:44
Published 16 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0228

Summary

Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).

Vulnerable Systems

Application

  • Microsoft Msn Messenger 2.2

  • Microsoft Msn Messenger 3.0

  • Microsoft Msn Messenger 4.0

  • Microsoft Msn Messenger 4.5

  • Microsoft Msn Messenger 4.6


References

BUGTRAQ - 20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)

XF - msn-messenger-reveal-information(8084)

BID - 4028


Last Updated: 27 May 2016 10:36:50