Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2004-0842

Published: 23/12/2004 Updated: 23/07/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Microsoft

Vulnerability Summary

Internet Explorer 6.0 SP1 and previous versions, and possibly other versions, allows remote malicious users to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet explorer 5.0.1

microsoft internet explorer 5.5

avaya s8100

avaya ip600 media servers

avaya definity one media server

avaya s3400

microsoft internet explorer 6.0

microsoft ie 6.0

avaya modular messaging message storage server 1.1

avaya modular messaging message storage server 2.0

Exploits

Exploit DB: Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption
source: wwwsecurityfocuscom/bid/10816/info A heap overflow vulnerability has been discovered in Internet Explorer It is reported that the issue presents itself when a comment character sequence that is not terminated is encountered after a STYLE tag This issue could be exploited by a remote attacker to execute arbitrary code in the con ...

References

NVD-CWE-Otherhttp://www.ecqurity.com/adv/IEstyle.htmlhttp://www.securityfocus.com/bid/10816http://www.securiteam.com/exploits/5NP042KF5A.htmlhttp://www.us-cert.gov/cas/techalerts/TA04-293A.htmlhttp://www.kb.cert.org/vuls/id/291304http://www.ciac.org/ciac/bulletins/p-006.shtmlhttp://secunia.com/advisories/12806http://marc.info/?l=full-disclosure&m=109060455614702&w=2http://marc.info/?l=bugtraq&m=109107496214572&w=2http://marc.info/?l=full-disclosure&m=109102919426844&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/16675https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038https://nvd.nist.govhttps://www.exploit-db.com/exploits/24328/https://www.kb.cert.org/vuls/id/291304
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook