1. Home
  2. CVE Database
  3. CVE-2002-0694
HIGH · 7.5

CVE-2002-0694

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when o...

Vulnerability Description

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
MicrosoftWindows 2000All versions
MicrosoftWindows 2000 Terminal ServicesAll versions
MicrosoftWindows 98All versions
MicrosoftWindows 98SeAll versions
MicrosoftWindows MeAll versions
MicrosoftWindows Nt4.0
MicrosoftWindows XpAll versions

References

FAQ

What is CVE-2002-0694?

CVE-2002-0694 is a vulnerability with a CVSS score of 7.5 (HIGH). The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when o...

How severe is CVE-2002-0694?

CVE-2002-0694 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-0694?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2000 Terminal Services, Microsoft Windows 98, Microsoft Windows 98Se, Microsoft Windows Me.