5

CVE-2002-1185

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftIe Version6.0 Updatesp1
MicrosoftInternet Explorer Version5.0.1
MicrosoftInternet Explorer Version5.0.1 Updatesp1
MicrosoftInternet Explorer Version5.0.1 Updatesp2
MicrosoftInternet Explorer Version5.5
MicrosoftInternet Explorer Version5.5 Updatesp1
MicrosoftInternet Explorer Version5.5 Updatesp2
MicrosoftInternet Explorer Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 21.34% 0.973
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html
http://marc.info/?l=bugtraq&m=103970996205091&w=2
http://www.eeye.com/html/Research/Advisories/AD20021211.html
http://www.iss.net/security_center/static/10662.php
Patch
Vendor Advisory
http://www.securityfocus.com/bid/6216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542