CVE-2002-1185 - Unspecified vulnerability in Microsoft IE and Internet Explorer
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
Oval
oval:org.mitre.oval:def:393
- accepted: 2014-02-24T04:03:17.576-05:00
- class: vulnerability
- contributors: Harvey Rubinovitz (The MITRE Corporation), Christine Walzer (The MITRE Corporation), Maria Mikhno (ALTX-SOFT)
- description: Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
- family: windows
- status: accepted
- submitted: 2004-01-27T05:00:00.000-04:00
- title: IE v6.0 Malformed PNG Image File Failure Vulnerability
- version: 67

oval:org.mitre.oval:def:542
- accepted: 2014-02-24T04:03:22.562-05:00
- class: vulnerability
- contributors: Harvey Rubinovitz (The MITRE Corporation), Maria Mikhno (ALTX-SOFT)
- description: Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
- family: windows
- status: accepted
- submitted: 2004-01-27T12:00:00.000-04:00
- title: IE v5.5 Malformed PNG Image File Failure Vulnerability
- version: 66
References
- http://www.iss.net/security_center/static/10662.php
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html
- http://www.eeye.com/html/Research/Advisories/AD20021211.html
- http://www.securityfocus.com/bid/6216
- http://marc.info/?l=bugtraq&m=103970996205091&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066