Vulnerability Details : CVE-2002-0228
Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).
Exploit prediction scoring system (EPSS) score for CVE-2002-0228
Probability of exploitation activity in the next 30 days: 0.85%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-0228
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2002-0228
-
http://www.iss.net/security_center/static/8084.php
Vendor Advisory
-
http://www.securityfocus.com/bid/4028
-
http://online.securityfocus.com/archive/1/254021
Patch;Vendor Advisory
Products affected by CVE-2002-0228
- cpe:2.3:a:microsoft:msn_messenger:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:msn_messenger:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:msn_messenger:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:msn_messenger:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:msn_messenger:2.2:*:*:*:*:*:*:*