Oval Definition:oval:org.mitre.oval:def:374
Revision Date:2011-05-16Version:46
Title:HTML Help ActiveX Control Buffer Overflow
Description:Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2002-0693
Platform(s):Microsoft Windows 2000
Product(s):HTML Help ActiveX Control
Definition Synopsis
  • Software section
  • Windows 2000 is installed
  • AND the version of hhctrl.ocx is less than 5.2.3669.0
  • AND the version of hhsetup.dll is less than 5.2.3644.0
  • AND the version of itircl.dll is less than 5.2.3644.0
  • AND the version of itss.dll is less than 5.2.3644.0
  • AND NOT the patch q323255 is installed (Hotfix key)
  • AND Windows 2000 Service Pack 4 (or later) is installed
  • Windows 2000 is installed
  • AND Win2K/XP/2003 service pack 4 (or later) is installed
  • AND Configuration section
  • active scripting is enabled
  • current user settings are being used and active scripting is enabled
  • NOT use machine settings rather than individual user settings
  • AND active scripting is enabled for the current user
  • OR local machine settings are being used and active scripting is enabled
  • use machine settings rather than individual user settings
  • AND active scripting is enabled for the local machine
    • BACK