Vulnerabilities > CVE-2004-0842
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 | |
| Application | 1 | |
| Hardware | 3 | |
| OS | 2 |
Exploit-Db
| description | Microsoft Internet Explorer 5.0.1 Style Tag Comment Memory Corruption Vulnerability. CVE-2004-0842. Remote exploit for windows platform |
| id | EDB-ID:24328 |
| last seen | 2016-02-02 |
| modified | 2004-07-08 |
| published | 2004-07-08 |
| reporter | Phuong Nguyen |
| source | https://www.exploit-db.com/download/24328/ |
| title | Microsoft Internet Explorer 5.0.1 Style Tag Comment Memory Corruption Vulnerability |
Oval
accepted 2014-02-24T04:03:13.890-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description @;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." family windows id oval:org.mitre.oval:def:2906 status accepted submitted 2004-10-19T04:45:00.000-04:00 title Windows 2000, IE v5.01 CSS Heap Memory Corruption Vulnerability version 67 accepted 2014-02-24T04:03:15.326-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description @;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." family windows id oval:org.mitre.oval:def:3372 status accepted submitted 2004-10-19T12:00:00.000-04:00 title Windows Server 2003, IE v6,SP1 CSS Heap Memory Corruption Vulnerability version 68 accepted 2014-02-24T04:03:18.156-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Maria Mikhno organization ALTX-SOFT
description @;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." family windows id oval:org.mitre.oval:def:4169 status accepted submitted 2004-10-19T04:00:00.000-04:00 title Windows XP, IE v6.0 CSS Heap Memory Corruption Vulnerability version 68 accepted 2014-02-24T04:03:23.456-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description @;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." family windows id oval:org.mitre.oval:def:5592 status accepted submitted 2004-10-19T04:49:00.000-04:00 title Windows (ME, NT, 2K), IE v5.5,SP2 CSS Heap Memory Corruption Vulnerability version 67 accepted 2014-02-24T04:03:25.262-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description @;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." family windows id oval:org.mitre.oval:def:6579 status accepted submitted 2004-10-19T04:56:00.000-04:00 title Windows (ME, NT, 2K, XP), IE v6,SP1 CSS Heap Memory Corruption Vulnerability version 68
References
- http://www.ecqurity.com/adv/IEstyle.html
- http://www.securityfocus.com/bid/10816
- http://www.securiteam.com/exploits/5NP042KF5A.html
- http://www.us-cert.gov/cas/techalerts/TA04-293A.html
- http://www.kb.cert.org/vuls/id/291304
- http://www.ciac.org/ciac/bulletins/p-006.shtml
- http://secunia.com/advisories/12806
- http://marc.info/?l=full-disclosure&m=109060455614702&w=2
- http://marc.info/?l=bugtraq&m=109107496214572&w=2
- http://marc.info/?l=full-disclosure&m=109102919426844&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16675
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038