CVE-2002-2435
CVE-2002-2435 is a medium-severity vulnerability in Microsoft Ie with a CVSS 2.0 base score of 4.3. Its EPSS exploit-prediction score of 14% places it in the 96th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-200.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.3)
- EPSS exploit prediction: 14% (96th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-200
- Affected product: Microsoft Ie
- Published:
- Last modified:
Description
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
Frequently asked questions
- What is CVE-2002-2435?
- The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
- How severe is CVE-2002-2435?
- CVE-2002-2435 has a CVSS 2.0 base score of 4.3, rated medium severity.
- Is CVE-2002-2435 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 14% (96th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2002-2435?
- CVE-2002-2435 primarily affects Microsoft Ie. In total, 101 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2002-2435?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2002-2435 published?
- CVE-2002-2435 was published on 2011-12-07 and last updated on 2026-06-16.
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=147777
- http://w2spconf.com/2010/papers/p26.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71817
Affected products (101)
- cpe:2.3:a:microsoft:ie:7.0.6000.16711:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:8.0b:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*
More vulnerabilities in Microsoft Ie
- CVE-2007-0219 — Critical (CVSS 10.0): Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3)…
- CVE-2007-0217 — Critical (CVSS 10.0): The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute…
- CVE-2006-1186 — Critical (CVSS 10.0): Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the…
- CVE-2004-0985 — Critical (CVSS 10.0): Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a…
- CVE-2004-1050 — Critical (CVSS 10.0): Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or…
- CVE-2004-0216 — Critical (CVSS 10.0): Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to…
All CVEs affecting Microsoft Ie →
Other CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) vulnerabilities
- CVE-2026-27604 — Critical (CVSS 10.0): FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version…
- CVE-2026-40965 — Critical (CVSS 10.0): Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a…
- CVE-2026-42826 — Critical (CVSS 10.0): Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose…
- CVE-2025-29270 — Critical (CVSS 10.0): Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows…
- CVE-2025-61481 — Critical (CVSS 10.0): An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by…
- CVE-2025-53624 — Critical (CVSS 10.0): The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user.…
Browse all CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) vulnerabilities →