Unrated severityNVD Advisory· Published May 16, 2002· Updated Apr 16, 2026

CVE-2002-0228

Description

Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).

Affected products

Microsoft/Msn Messenger5 versions
cpe:2.3:a:microsoft:msn_messenger:2.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:microsoft:msn_messenger:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:msn_messenger:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:msn_messenger:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:msn_messenger:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:msn_messenger:4.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

online.securityfocus.com/archive/1/254021nvdPatchVendor Advisory
www.iss.net/security_center/static/8084.phpnvdVendor Advisory
www.securityfocus.com/bid/4028nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.023
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000