CVE - CVE-2004-0842

CVE-ID
CVE-2004-0842	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:10816 URL:http://www.securityfocus.com/bid/10816 BUGTRAQ:20040728 Re: Crash IE with 11 bytes ;) URL:http://marc.info/?l=bugtraq&m=109107496214572&w=2 CERT:TA04-293A URL:http://www.us-cert.gov/cas/techalerts/TA04-293A.html CERT-VN:VU#291304 URL:http://www.kb.cert.org/vuls/id/291304 CIAC:P-006 URL:http://www.ciac.org/ciac/bulletins/p-006.shtml FULLDISC:20040723 Crash IE with 11 bytes ;) URL:http://marc.info/?l=full-disclosure&m=109060455614702&w=2 FULLDISC:20040728 Re: Crash IE with 11 bytes ;) URL:http://marc.info/?l=full-disclosure&m=109102919426844&w=2 MISC:http://www.ecqurity.com/adv/IEstyle.html MISC:http://www.securiteam.com/exploits/5NP042KF5A.html MS:MS04-038 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 OVAL:oval:org.mitre.oval:def:2906 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906 OVAL:oval:org.mitre.oval:def:3372 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372 OVAL:oval:org.mitre.oval:def:4169 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169 OVAL:oval:org.mitre.oval:def:5592 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592 OVAL:oval:org.mitre.oval:def:6579 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579 SECUNIA:12806 URL:http://secunia.com/advisories/12806 XF:ie-popupshow-perform-actions(16675) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/16675
Assigning CNA
MITRE Corporation
Date Record Created
20040908	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20040908)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)