7.5

CVE-2004-0842

Exploit
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftIe Version6.0 Updatesp1
MicrosoftInternet Explorer Version5.0.1
MicrosoftInternet Explorer Version5.0.1 Updatesp1
MicrosoftInternet Explorer Version5.0.1 Updatesp2
MicrosoftInternet Explorer Version5.0.1 Updatesp3
MicrosoftInternet Explorer Version5.0.1 Updatesp4
MicrosoftInternet Explorer Version5.5
MicrosoftInternet Explorer Version5.5 Updatesp1
MicrosoftInternet Explorer Version5.5 Updatesp2
MicrosoftInternet Explorer Version6.0
AvayaS3400
AvayaS8100
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 56.61% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA04-293A.html
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038
https://exchange.xforce.ibmcloud.com/vulnerabilities/16675
http://marc.info/?l=bugtraq&m=109107496214572&w=2
http://marc.info/?l=full-disclosure&m=109060455614702&w=2
http://marc.info/?l=full-disclosure&m=109102919426844&w=2
http://secunia.com/advisories/12806
http://www.ciac.org/ciac/bulletins/p-006.shtml
http://www.ecqurity.com/adv/IEstyle.html
Vendor Advisory
Exploit
http://www.kb.cert.org/vuls/id/291304
US Government Resource
http://www.securiteam.com/exploits/5NP042KF5A.html
http://www.securityfocus.com/bid/10816
Patch
Vendor Advisory
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579