Lucene search

[email protected]CVE-2004-0842

HistoryDec 23, 2004 - 5:00 a.m.

CVE-2004-0842

2004-12-2305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

internet explorer

denial of service

css

heap-based buffer overflow

memory corruption

cve-2004-0842

7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.968 High

EPSS

Percentile

99.7%

JSON

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from “memory corruption”) via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the “<STYLE>@;/*” string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the “CSS Heap Memory Corruption Vulnerability.”

CPENameOperatorVersion
avaya:definity_one_media_serveravaya definity one media servereq*
microsoft:iemicrosoft ieeq6.0
avaya:s8100avaya s8100eq*
avaya:ip600_media_serversavaya ip600 media serverseq*
avaya:s3400avaya s3400eq*
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq5.0.1
microsoft:internet_explorermicrosoft internet explorereq6.0
avaya:modular_messaging_message_storage_serveravaya modular messaging message storage servereq2.0
avaya:modular_messaging_message_storage_serveravaya modular messaging message storage servereq1.1

CPE	Name	Operator	Version
avaya:definity_one_media_server	avaya definity one media server	eq	*
microsoft:ie	microsoft ie	eq	6.0
avaya:s8100	avaya s8100	eq	*
avaya:ip600_media_servers	avaya ip600 media servers	eq	*
avaya:s3400	avaya s3400	eq	*
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	5.0.1
microsoft:internet_explorer	microsoft internet explorer	eq	6.0
avaya:modular_messaging_message_storage_server	avaya modular messaging message storage server	eq	2.0
avaya:modular_messaging_message_storage_server	avaya modular messaging message storage server	eq	1.1

References

marc.info/?l=bugtraq&m=109107496214572&w=2

marc.info/?l=full-disclosure&m=109060455614702&w=2

marc.info/?l=full-disclosure&m=109102919426844&w=2

secunia.com/advisories/12806

www.ciac.org/ciac/bulletins/p-006.shtml

www.ecqurity.com/adv/IEstyle.html

www.kb.cert.org/vuls/id/291304

www.securiteam.com/exploits/5NP042KF5A.html

www.securityfocus.com/bid/10816

www.us-cert.gov/cas/techalerts/TA04-293A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038

exchange.xforce.ibmcloud.com/vulnerabilities/16675

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579

7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.968 High

EPSS

Percentile

99.7%

JSON

Related for CVE-2004-0842

cert1 checkpoint_advisories1 securityvulns2 openvas2