CVE-2002-0693

Windows HTML Help ActiveX Control Buffer Overflow RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0693. PoCs published by ipxodi.

AI-analyzed exploit summary This exploit targets a buffer overflow in the Windows Help Center ActiveX control (CVE-2002-0693) to achieve remote code execution. It generates an HTML file that triggers the vulnerability when opened in Internet Explorer, spawning a command shell.

Description

Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ipxodi · cremotewindows

https://www.exploit-db.com/exploits/21902

View Code ZIP pw:eip

This exploit targets a buffer overflow in the Windows Help Center ActiveX control (CVE-2002-0693) to achieve remote code execution. It generates an HTML file that triggers the vulnerability when opened in Internet Explorer, spawning a command shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Windows Help Center ActiveX control (IE 5.5, 5.5 SP2, 6.0)

No auth needed

Prerequisites: Victim must open the generated HTML file in a vulnerable version of Internet Explorer

MITRE ATT&CK