CVE-2002-0228

3 documents3 sources

Severity

5.0MEDIUM

EPSS

28.6%

top 3.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft MSN Messenger

Timeline

PublishedMay 16

Latest updateApr 30

Description

Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/msn_messenger5 versions+4

Patches

Patch: online.securityfocus.com ↗Patch: online.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-jvcw-7829-ggcr: Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display na↗2022-04-30

▶

CVEList

CVE-2002-0228: Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display na↗2002-05-03

▶