Описание
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
Ссылки
- Issue TrackingThird Party Advisory
- Third Party AdvisoryUS Government Resource
- Broken Link
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Third Party AdvisoryUS Government Resource
- Broken Link
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:-:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.42218
Средний
10 Critical
CVSS2
Дефекты
CWE-787
Связанные уязвимости
github
почти 4 года назад
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
EPSS
Процентиль: 97%
0.42218
Средний
10 Critical
CVSS2
Дефекты
CWE-787