CVE-2002-0228

Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://online.securityfocus.com/archive/1/254021	Patch Vendor Advisory
http://www.iss.net/security_center/static/8084.php	Vendor Advisory
http://www.securityfocus.com/bid/4028

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:msn_messenger:3.0:::::::*
	cpe:2.3:a:microsoft:msn_messenger:4.0:::::::*
	cpe:2.3:a:microsoft:msn_messenger:4.5:::::::*
	cpe:2.3:a:microsoft:msn_messenger:4.6:::::::*
	cpe:2.3:a:microsoft:msn_messenger:2.2:::::::*

Information

Published : 2002-05-15 21:00

Updated : 2008-09-10 17:00

NVD link : CVE-2002-0228

Mitre link : CVE-2002-0228

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

msn_messenger

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://online.securityfocus.com/archive/1/254021", "name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)", "tags": ["Patch", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.iss.net/security_center/static/8084.php", "name": "msn-messenger-reveal-information(8084)", "tags": ["Vendor Advisory"], "refsource": "XF"}, {"url": "http://www.securityfocus.com/bid/4028", "name": "4028", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0228", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-05-16T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:msn_messenger:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:msn_messenger:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:msn_messenger:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:msn_messenger:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:msn_messenger:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-11T00:00Z"}

5.0 /10