CVE-2003-0469

2003-08-0704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0469

buffer overflow

html converter

windows os

remote code execution

denial of service

internet explorer 5.0

8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.156 Low

EPSS

Percentile

95.8%

JSON

Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long “align” argument in an HR tag.

CPENameOperatorVersion
microsoft:windows_2003_servermicrosoft windows 2003 servereq64-bit
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_ntmicrosoft windows nteq4.0
microsoft:windows_98semicrosoft windows 98seeq*
microsoft:windows_2003_servermicrosoft windows 2003 servereqr2
microsoft:windows_memicrosoft windows meeq*
microsoft:windows_98microsoft windows 98eq*

CPE	Name	Operator	Version
microsoft:windows_2003_server	microsoft windows 2003 server	eq	64-bit
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_nt	microsoft windows nt	eq	4.0
microsoft:windows_98se	microsoft windows 98se	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	r2
microsoft:windows_me	microsoft windows me	eq	*
microsoft:windows_98	microsoft windows 98	eq	*