CVE-2002-0228

Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://online.securityfocus.com/archive/1/254021	Patch Vendor Advisory
http://www.iss.net/security_center/static/8084.php	Vendor Advisory
http://www.securityfocus.com/bid/4028

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:msn_messenger:2.2:::::::*
	cpe:2.3:a:microsoft:msn_messenger:3.0:::::::*
	cpe:2.3:a:microsoft:msn_messenger:4.0:::::::*
	cpe:2.3:a:microsoft:msn_messenger:4.5:::::::*
	cpe:2.3:a:microsoft:msn_messenger:4.6:::::::*

History

No history.

Information

Published : 2002-05-16 04:00

Updated : 2008-09-11 00:00

NVD link : CVE-2002-0228

Mitre link : CVE-2002-0228

CVE.ORG link : CVE-2002-0228

JSON object : View

Products Affected

microsoft

msn_messenger

CWE

NVD-CWE-Other

{"id": "CVE-2002-0228", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-05-16T04:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/254021", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8084.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4028", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)."}, {"lang": "es", "value": "Microsoft MSN Messenger permite a atacantes remotos usar JavaScript que referencia a un objeto ActiveX para obtener informaci\u00f3n sensible como nombres mostrados y navegaci\u00f3n de sitios web, y posiblemente mas cuando el usuario est\u00e1 conectado a ciertos sitios de Microsoft (o sitios con DNS falsificado)."}], "lastModified": "2008-09-11T00:00:44.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:msn_messenger:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ECE590D-A8FD-4D5F-A082-EA1393BCB72D"}, {"criteria": "cpe:2.3:a:microsoft:msn_messenger:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6DD36B3-F635-4FB9-856B-215D7FE82AF7"}, {"criteria": "cpe:2.3:a:microsoft:msn_messenger:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71BA7CF9-3089-4525-A251-12233978E258"}, {"criteria": "cpe:2.3:a:microsoft:msn_messenger:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFEE276F-4ACC-440B-9F36-FAA7DAD4BAB1"}, {"criteria": "cpe:2.3:a:microsoft:msn_messenger:4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "083C6323-8712-4A42-893D-6A6BE5997689"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}