1. CVE-Search
  2. CVE-2004-0978
ID CVE-2004-0978
Summary Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:-:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_xp:-:-:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 09-12-2020 - 18:35)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 11367
bugtraq 20050119 MSN Heartbeat Control Buffer Overflow
cert-vn VU#673134
misc http://www.ngssoftware.com/advisories/heartbeatfull.txt
xf heartbeat-activex(17714)
Last major update 09-12-2020 - 18:35
Published 09-02-2005 - 05:00
Last modified 09-12-2020 - 18:35
Back to Top