Information Disclosure in Microsoft MSN Messenger Allows Unauthorized Data Access
CVE-2002-0228

Currently unrated

Key Information:

Vendor: Microsoft
Status: Msn Messenger
Vendor: CVE Published:; 16 May 2002

Summary

Microsoft MSN Messenger contains a vulnerability that allows remote attackers to exploit an ActiveX object via JavaScript. This can lead to unauthorized access to sensitive user information, including display names and browsing history, particularly when users are connected to specific Microsoft sites or DNS-spoofed locations. This vulnerability highlights the risks associated with ActiveX controls and the necessity for users to remain vigilant while using such applications.

References

http://online.securityfocus.com/archive/1/254021

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/8084.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/4028

vdb-entryx_refsource_BID

EPSS Score

28% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 16, 2002
Vulnerability Reserved
May 1, 2002