Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0647Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
15.5%
top 5.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedSep 24
Latest updateApr 30

Description

Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/internet_explorer5.01, 5.5, 6.0+2

🔴Vulnerability Details

1
GHSA
GHSA-4v9p-8xxf-6hpj: Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 52022-04-30

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5/6 Legacy Text Formatting - ActiveX Component Buffer Overflow2002-08-22
CVE-2002-0647 — Microsoft vulnerability | cvebase