Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0693

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0693
Last Modified 10 Sep 2008 03:12:43
Published 10 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0693

Summary

Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2000 Terminal Services

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp


References

MS - MS02-055

BID - 5874

XF - win-html-help-bo(10253)

BUGTRAQ - 20021010 prover of concept code of windows help overflow

BUGTRAQ - 20021009 Thor Larholm security advisory TL#004

BUGTRAQ - 20021003 Buffer Overflow in IE/Outlook HTML Help


Last Updated: 27 May 2016 10:37:02