10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.071 Low
EPSS
Percentile
94.0%
A vulnerability exists in the Microsoft MSN βHrtbeat.ocxβ ActiveX control.
ActiveX is a technology that allows programmers to create reusable software components that can be incorporated into applications to extend their functionality. Microsoft Internet Explorer provides support for the ActiveX technology. There is a vulnerability in the Microsoft MSN βHrtbeat.ocxβ ActiveX control. This control provides support for online gaming when visiting MSN related sites. The following information is provided in MS04-038:
This update sets the kill bit for the Hrtbeat.ocx ActiveX control. This control implements support for online gaming in MSN related sites. Internet Explorer no longer supports this control. This control has been found to contain a security vulnerability. To help protect customers who have this control installed, this update prevents the control from running or from being reintroduced onto usersβ systems by setting the kill bit for the control. For more information about kill bits, see Microsoft Knowledge Base Article 240797.
For information on preventing ActiveX controls from running in Internet Explorer, please refer to the Microsoft article βHow to Stop an ActiveX Control from Running in Internet Explorer.β
The impact of this vulnerability is not known. In the case of a buffer overflow, a remote attacker could execute arbitrary code with the privileges of the user running Internet Explorer. The attacker may also be able to cause a denial of service.
Apply Patch
Apply the appropriate patch referenced in Microsoft Security Bulletin MS04-038.
673134
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 19, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please refer to Microsoft Security Bulletin MS04-038.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23673134 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by Microsoft. Microsoft credits NGS Software Ltd. for discovering the vulnerability.
This document was written by Damon Morda and Art Manion.
CVE IDs: | CVE-2004-0978 |
---|---|
Severity Metric: | 3.19 Date Public: |
msdn.microsoft.com/workshop/components/activex/controls.asp
secunia.com/advisories/12806/
securitytracker.com/alerts/2004/Oct/1011678.html
support.microsoft.com/default.aspx?id=240797
www.microsoft.com/com/tech/ActiveX.asp
www.microsoft.com/technet/security/bulletin/MS04-038.mspx
www.nextgenss.com/advisories/heartbeat.txt