CVE-2004-0842

Опубликовано: 23 дек. 2004

Источник: nvd

CVSS2: 7.5

EPSS Высокий

Описание

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*

cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*

cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*

cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.84327

Высокий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-g4xq-83hp-jc9q

github

почти 4 года назад

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."