Code Execution Vulnerability in Microsoft Windows Products
CVE-2002-0694

Currently unrated

Key Information:

Vendor
Microsoft
Vendor
CVE Published:
10 October 2002

Summary

The HTML Help facility in various Microsoft Windows versions utilizes the Local Computer Security Zone when accessing .chm files stored in the Temporary Internet Files folder. This design flaw enables remote attackers to execute arbitrary code through HTML emails that reference or embed a malicious .chm file containing executable shortcuts. Proper updates and security measures should be implemented to mitigate the risk associated with this vulnerability.

References

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.