CVE-2002-0228

Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).

Published: May 16, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0228
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / msn_messenger	4.6	4.6.x
microsoft / msn_messenger	2.2	2.2.x
microsoft / msn_messenger	4.0	4.0.x
microsoft / msn_messenger	4.5	4.5.x
microsoft / msn_messenger	3.0	3.0.x

http://online.securityfocus.com/archive/1/254021
http://www.iss.net/security_center/static/8084.php
http://www.securityfocus.com/bid/4028

Vulnerability Database

289,697

CVE-2002-0228