Buffer Overflow in HTML Help ActiveX Control Affects Microsoft Windows
CVE-2002-0693

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Nt; Windows 2000 Terminal Services; Windows Xp; Windows 2000
Vendor: CVE Published:; 10 October 2002

Summary

The vulnerability in the HTML Help ActiveX Control (hhctrl.ocx) allows remote attackers to execute arbitrary code on affected Microsoft Windows systems. This occurs due to a buffer overflow that can be triggered by supplying excessively long parameters to the Alink function or by including lengthy arguments in the script for the showHelp function. Systems running Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, 2000, and XP are especially at risk. It is essential that users and administrators implement the necessary security patches as advised by Microsoft to prevent potential exploitation.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securityfocus.com/bid/5874

vdb-entryx_refsource_BID

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

50% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 10, 2002
Vulnerability Reserved
Jul 12, 2002