Oval Definition:oval:org.mitre.oval:def:925
Revision Date:2016-02-19Version:47
Title:MS IE HTML Directive Buffer Overflow
Description:Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2002-0022
Platform(s):Microsoft Windows 2000
Microsoft Windows 98
Microsoft Windows NT
Microsoft Windows XP
Product(s):Microsoft Internet Explorer
Definition Synopsis
  • Microsoft Internet Explorer 6 is installed
  • AND File %windir%\system32\mshtml.dll version is less than 6.0.2713.1100
  • AND NOT the patch q316059 is installed (Installed Components key)
  • AND NOT the patch q319282 is installed (Installed Components key)
  • AND NOT the patch q321232 is installed (Installed Components key)
  • AND NOT the patch q323759 is installed (Installed Components key)
  • AND NOT the patch q328970 is installed (Installed Components key)
  • AND NOT the patch q324929 is installed (Installed Components key)
  • AND NOT the patch q810847 is installed (Installed Components key)
  • AND NOT the patch q813489 is installed (Installed Components key)
  • AND NOT the patch q818529 is installed (Installed Components key)
  • AND NOT the patch q822925 is installed (Installed Components key)
  • AND NOT the patch q828750 is installed (Installed Components key)
  • AND NOT the patch q824145 is installed (Installed Components key)
  • AND NOT the patch q832894 is installed (Installed Components key)
  • AND use machine settings rather than individual user settings
  • AND Run ActiveX Controls and Plugins Allowed In At Least One Zone
    • BACK