ID CVE-2004-0842
Summary Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
  • cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2014-02-24T04:03:13.890-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
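    description Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."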
    family windows
    id oval:org.mitre.oval:def:2906
    status accepted
    submitted 2004-10-19T04:45:00.000-04:00
    title Windows 2000, IE v5.01 CSS Heap Memory Corruption Vulnerability
    version 66
  • accepted 2014-02-24T04:03:15.326-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
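    description Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."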
    family windows
    id oval:org.mitre.oval:def:3372
    status accepted
    submitted 2004-10-19T12:00:00.000-04:00
    title Windows Server 2003, IE v6,SP1 CSS Heap Memory Corruption Vulnerability
    version 67
  • accepted 2014-02-24T04:03:18.156-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Maria Mikhno
      organization ALTX-SOFT
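    description Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."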
    family windows
    id oval:org.mitre.oval:def:4169
    status accepted
    submitted 2004-10-19T04:00:00.000-04:00
    title Windows XP, IE v6.0 CSS Heap Memory Corruption Vulnerability
    version 67
  • accepted 2014-02-24T04:03:23.456-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
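    description Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."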
    family windows
    id oval:org.mitre.oval:def:5592
    status accepted
    submitted 2004-10-19T04:49:00.000-04:00
    title Windows (ME, NT, 2K), IE v5.5,SP2 CSS Heap Memory Corruption Vulnerability
    version 66
  • accepted 2014-02-24T04:03:25.262-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
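    description Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."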
    family windows
    id oval:org.mitre.oval:def:6579
    status accepted
    submitted 2004-10-19T04:56:00.000-04:00
    title Windows (ME, NT, 2K, XP), IE v6,SP1 CSS Heap Memory Corruption Vulnerability
    version 67
refmap via4
bid 10816
bugtraq 20040728 Re: Crash IE with 11 bytes ;)
cert TA04-293A
cert-vn VU#291304
ciac P-006
fulldisc
  • 20040723 Crash IE with 11 bytes ;)
  • 20040728 Re: Crash IE with 11 bytes ;)
misc
ms MS04-038
secunia 12806
xf ie-popupshow-perform-actions(16675)
Last major update 12-10-2018 - 21:35
Published 23-12-2004 - 05:00