Vulnerability Name:

CVE-2002-0022 (CCN-8116)

Assigned:2002-02-11
Published:2002-02-11
Updated:2021-07-23
Summary:Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Wed Feb 27 2002 - 07:15:32 CST
Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)

Source: MITRE
Type: CNA
CVE-2002-0022

Source: BUGTRAQ
Type: UNKNOWN
20020213 dH & SECURITY.NNOV: buffer overflow in mshtml.dll

Source: BUGTRAQ
Type: UNKNOWN
20020227 Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)

Source: CCN
Type: Microsoft Product Support Services
List of Fixes in Microsoft Internet Explorer 6 SP1

Source: CCN
Type: CERT Advisory CA-2002-04
Buffer Overflow in Microsoft Internet Explorer

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2002-04

Source: CCN
Type: CIAC Information Bulletin M-041
Microsoft Internet Explorer Cumulative Patch

Source: XF
Type: Patch, Vendor Advisory
ie-html-directive-bo(8116)

Source: CCN
Type: Internet Security Systems Security Alert #111
Buffer Overflow in Microsoft Internet Explorer

Source: CCN
Type: US-CERT VU#932283
Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive

Source: CCN
Type: Microsoft Security Bulletin MS02-005
11 February 2002 Cumulative Patch for Internet Explorer

Source: CCN
Type: Microsoft Security Bulletin MS02-015
28 March 2002 Cumulative Patch for Internet Explorer

Source: CCN
Type: Microsoft Security Bulletin MS02-023
15 May 2002 Cumulative Patch for Internet Explorer (Q321232)

Source: CCN
Type: Microsoft Security Bulletin MS02-047
Cumulative Patch for Internet Explorer (Q323759)

Source: CCN
Type: Microsoft Security Bulletin MS02-066
Cumulative Patch for Internet Explorer (Q328970)

Source: CCN
Type: Microsoft Security Bulletin MS02-068
Cumulative Patch for Internet Explorer (324929)

Source: CCN
Type: Microsoft Security Bulletin MS03-004
Cumulative Patch for Internet Explorer (810847)

Source: CCN
Type: Microsoft Security Bulletin MS03-015
Cumulative Patch for Internet Explorer (813489)

Source: CCN
Type: Microsoft Security Bulletin MS03-020
Cumulative Patch for Internet Explorer (818529)

Source: CCN
Type: Microsoft Security Bulletin MS03-040
Cumulative Patch for Internet Explorer (828750)

Source: CCN
Type: Microsoft Security Bulletin MS03-048
Cumulative Security Update for Internet Explorer (824145)

Source: CCN
Type: Microsoft Security Bulletin MS04-004
Cumulative Security Update for Internet Explorer (832894)

Source: CCN
Type: Microsoft Security Bulletin MS04-025
Cumulative Security Update for Internet Explorer (867801)

Source: CCN
Type: Microsoft Security Bulletin MS04-038
Cumulative Security Update for Internet Explorer (834707)

Source: CCN
Type: Microsoft Security Bulletin MS04-040
Cumulative Security Update for Internet Explorer (889293)

Source: CCN
Type: Microsoft Security Bulletin MS05-014
Cumulative Security Update for Internet Explorer (867282)

Source: CCN
Type: Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer (890923)

Source: CCN
Type: Microsoft Security Bulletin MS05-025
Cumulative Security Update for Internet Explorer (883939)

Source: CCN
Type: Microsoft Security Bulletin MS05-038
Cumulative Security Update for Internet Explorer (896727)

Source: CCN
Type: Microsoft Security Bulletin MS05-052
Cumulative Security Update for Internet Explorer (896688)

Source: CCN
Type: Microsoft Security Bulletin MS05-054
Cumulative Security Update for Internet Explorer (905915)

Source: CCN
Type: Microsoft Security Bulletin MS06-004
Cumulative Security Update for Internet Explorer (910620)

Source: CCN
Type: Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer (912812)

Source: CCN
Type: Microsoft Security Bulletin MS06-021
Cumulative Security Update for Internet Explorer (916281)

Source: CCN
Type: Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)

Source: CCN
Type: Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer (922760)

Source: CCN
Type: Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)

Source: CCN
Type: Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: CCN
Type: OSVDB ID: 2045
Microsoft IE HTML Document Directive Overflow

Source: CCN
Type: OSVDB ID: 5419
Microsoft IE mshtml.dll EMBED Directive Overflow

Source: CCN
Type: SECURITY.NOV Advisory - February 13, 2002
buffer overflow in mshtml.dll

Source: BID
Type: UNKNOWN
4080

Source: CCN
Type: BID-4080
Microsoft Internet Explorer HTML Document Directive Buffer Overflow Vulnerability

Source: MS
Type: UNKNOWN
MS02-005

Source: XF
Type: UNKNOWN
ie-html-directive-bo(8116)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:925

Source: CCN
Type: Microsoft Knowledge Base Article 317731
MS02-005: Patch Is Available for the Buffer Overrun in HTML Directive Vulnerability (Q317731)

Source: CCN
Type: Microsoft Knowledge Base Article 328548
How to Obtain the Latest Service Pack for Internet Explorer 6

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:925
    V
    MS IE HTML Directive Buffer Overflow
    2016-02-19
    BACK
    microsoft internet explorer 5.5
    microsoft internet explorer 6.0
    microsoft internet explorer 5.5
    microsoft internet explorer 6.0