CVE-2002-0693 | Vulnerability Database | Aqua Security

Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.

Affected Software

Name	Vendor	Start Version	End Version
Windows_2000	Microsoft	*	*
Windows_2000_terminal_services	Microsoft	*	*
Windows_98	Microsoft	*	*
Windows_98se	Microsoft	*	*
Windows_me	Microsoft	*	*
Windows_nt	Microsoft	4.0 (including)	4.0 (including)
Windows_nt	Microsoft	4.0-sp1 (including)	4.0-sp1 (including)
Windows_nt	Microsoft	4.0-sp2 (including)	4.0-sp2 (including)
Windows_nt	Microsoft	4.0-sp3 (including)	4.0-sp3 (including)
Windows_nt	Microsoft	4.0-sp4 (including)	4.0-sp4 (including)
Windows_nt	Microsoft	4.0-sp5 (including)	4.0-sp5 (including)
Windows_nt	Microsoft	4.0-sp6 (including)	4.0-sp6 (including)
Windows_nt	Microsoft	4.0-sp6a (including)	4.0-sp6a (including)
Windows_xp	Microsoft	*	*

References

http://marc.info/?l=bugtraq\u0026m=103365849505409\u0026w=2
http://marc.info/?l=bugtraq\u0026m=103419115517344\u0026w=2
http://marc.info/?l=bugtraq\u0026m=103435279404182\u0026w=2
http://www.iss.net/security_center/static/10253.php
http://www.securityfocus.com/bid/5874
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A374
http://marc.info/?l=bugtraq\u0026m=103365849505409\u0026w=2
http://marc.info/?l=bugtraq\u0026m=103419115517344\u0026w=2
http://marc.info/?l=bugtraq\u0026m=103435279404182\u0026w=2
http://www.iss.net/security_center/static/10253.php
http://www.securityfocus.com/bid/5874
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A374

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0693
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html