CVE-2002-0228 - Vulnerability Details - OpenCVE

Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Msn Messenger

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:msn_messenger:2.2:::::::*
	cpe:2.3:a:microsoft:msn_messenger:3.0:::::::*
	cpe:2.3:a:microsoft:msn_messenger:4.0:::::::*
	cpe:2.3:a:microsoft:msn_messenger:4.5:::::::*
	cpe:2.3:a:microsoft:msn_messenger:4.6:::::::*

No data.

References

Link	Providers
http://online.securityfocus.com/archive/1/254021
http://www.iss.net/security_center/static/8084.php
http://www.securityfocus.com/bid/4028

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-05-03T04:00:00

Updated: 2024-08-08T02:42:28.577Z

Reserved: 2002-05-01T00:00:00

Link: CVE-2002-0228

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2002-05-16T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2002-0228

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-02-02T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/254021"}, {"name": "msn-messenger-reveal-information(8084)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8084.php"}, {"name": "4028", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4028"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0228", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/254021"}, {"name": "msn-messenger-reveal-information(8084)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8084.php"}, {"name": "4028", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4028"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:42:28.577Z"}, "title": "CVE Program Container", "references": [{"name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://online.securityfocus.com/archive/1/254021"}, {"name": "msn-messenger-reveal-information(8084)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/8084.php"}, {"name": "4028", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4028"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0228", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T02:42:28.577Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:msn_messenger:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0ECE590D-A8FD-4D5F-A082-EA1393BCB72D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:msn_messenger:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6DD36B3-F635-4FB9-856B-215D7FE82AF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:msn_messenger:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "71BA7CF9-3089-4525-A251-12233978E258", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:msn_messenger:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "DFEE276F-4ACC-440B-9F36-FAA7DAD4BAB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:msn_messenger:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "083C6323-8712-4A42-893D-6A6BE5997689", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)."}, {"lang": "es", "value": "Microsoft MSN Messenger permite a atacantes remotos usar JavaScript que referencia a un objeto ActiveX para obtener informaci\u00f3n sensible como nombres mostrados y navegaci\u00f3n de sitios web, y posiblemente mas cuando el usuario est\u00e1 conectado a ciertos sitios de Microsoft (o sitios con DNS falsificado)."}], "id": "CVE-2002-0228", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-05-16T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://online.securityfocus.com/archive/1/254021"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/8084.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4028"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://online.securityfocus.com/archive/1/254021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/8084.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4028"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}