CVE-2002-0022

high Microsoft
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
29.2%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: March 8, 2002 (8833 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.

CWE

NVD-CWE-Other

Affected Products

microsoft internet explorer

References

🔗 marc.info 🔗 online.securityfocus.com 🔗 www.cert.org 🔗 www.iss.net 🔗 www.securityfocus.com