| ID |
CVE-2002-1185
|
| Summary |
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 23-07-2021 - 12:55) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| oval
via4
|
| accepted | 2014-02-24T04:03:17.576-05:00 | | class | vulnerability | | contributors | | name | Harvey Rubinovitz | | organization | The MITRE Corporation |
| name | Christine Walzer | | organization | The MITRE Corporation |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | description | Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." | | family | windows | | id | oval:org.mitre.oval:def:393 | | status | accepted | | submitted | 2004-01-27T05:00:00.000-04:00 | | title | IE v6.0 Malformed PNG Image File Failure Vulnerability | | version | 67 |
| accepted | 2014-02-24T04:03:22.562-05:00 | | class | vulnerability | | contributors | | name | Harvey Rubinovitz | | organization | The MITRE Corporation |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | description | Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." | | family | windows | | id | oval:org.mitre.oval:def:542 | | status | accepted | | submitted | 2004-01-27T12:00:00.000-04:00 | | title | IE v5.5 Malformed PNG Image File Failure Vulnerability | | version | 66 |
|
| refmap
via4
|
| bid | 6216 | | bugtraq | 20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability | | eeye | AD20021211 | | vulnwatch | 20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability | | xf | ie-png-bo(10662) |
|
| Last major update |
23-07-2021 - 12:55 |
| Published |
11-12-2002 - 05:00 |
| Last modified |
23-07-2021 - 12:55 |
