Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2002-0077 | First vendor Publication | 2002-01-13 |
| Vendor | Cve | Last vendor Modification | 2021-07-23 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0077 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 3052 | Microsoft IE/Outlook CODEBASE PopUp Object Remote Execution Microsoft Internet Explorer could allow a remote attacker to execute arbitrary programs on a vulnerable system. The flaw occurs due to IE allowing the dynamic insertion of HTML elements into an element. This is achieved through "innerHTML", "outerHTML", "insertAdjacentHTML" and other elements and can be abused through functions such as window.PopUp() and window.Open(). Using these methods and others, an attacker can execute arbitrary commands on the remote system. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2002-02-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms02-005.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|---|
| BUGTRAQ | http://marc.info/?l=bugtraq&m=101103188711920&w=2 |
| MS | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02... |
Alert History
| Date | Informations |
|---|---|
| 2021-07-27 00:24:38 |
|
| 2021-07-24 01:44:16 |
|
| 2021-07-24 01:01:19 |
|
| 2021-07-23 17:24:42 |
|
| 2021-07-23 01:44:04 |
|
| 2021-07-23 01:01:19 |
|
| 2021-07-22 21:24:59 |
|
| 2021-05-04 12:01:36 |
|
| 2021-04-22 01:01:44 |
|
| 2020-05-23 00:14:54 |
|
| 2018-10-13 00:22:24 |
|
| 2016-10-18 12:00:59 |
|
| 2013-05-11 12:08:04 |
|
