10

CVE-2004-0978

Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version5.01 Updatesp3
   MicrosoftWindows 2000 Version- Updatesp3
   MicrosoftWindows 2000 Version- Updatesp4
MicrosoftInternet Explorer Version5.01 Updatesp4
   MicrosoftWindows 2000 Version- Updatesp3
   MicrosoftWindows 2000 Version- Updatesp4
MicrosoftInternet Explorer Version5.5 Updatesp2
   MicrosoftWindows Me Version-
MicrosoftInternet Explorer Version6 Update-
   MicrosoftWindows Server 2003 Version-
   MicrosoftWindows Server 2003 Version- HwPlatformx64
   MicrosoftWindows Xp Version-
   MicrosoftWindows Xp Version- Update- HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp1
   MicrosoftWindows Xp Version- Updatesp2
MicrosoftInternet Explorer Version6 Updatesp1
   MicrosoftWindows 2000 Version- Updatesp3
   MicrosoftWindows 2000 Version- Updatesp4
   MicrosoftWindows 98se Version-
   MicrosoftWindows Me Version-
   MicrosoftWindows Nt Version4.0 Updatesp6 SwEditionterminal_server
   MicrosoftWindows Nt Version4.0 Updatesp6a
   MicrosoftWindows Xp Version-
   MicrosoftWindows Xp Version- Updatesp1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 48.51% 0.977
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://marc.info/?l=bugtraq&m=110616221411579&w=2
Third Party Advisory
Issue Tracking
http://www.kb.cert.org/vuls/id/673134
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/11367
Third Party Advisory
VDB Entry