Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0693 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows NT

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

61.3%

top 1.67%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows NT

Timeline

PublishedOct 10

Latest updateApr 30

Description

Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_nt4.0

🔴Vulnerability Details

GHSA

GHSA-vc6x-jx7x-qrfq: Buffer overflow in the HTML Help ActiveX Control (hhctrl↗2022-04-30

▶

CVEList

CVE-2002-0693: Buffer overflow in the HTML Help ActiveX Control (hhctrl↗2002-10-05

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows XP/2000/NT 4.0 - Help Facility ActiveX Control Buffer Overflow↗2002-10-07

▶