Vulnerabilities > CVE-2004-0978 - Out-Of-Bounds Write vulnerability in Microsoft Internet Explorer 5.01/5.5/6

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

microsoft

CWE-787

critical

NVD

Published: 2005-02-09

Updated: 2020-12-09

Summary

Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6	5
OS	Microsoft Microsoft Windows 2000 - Microsoft Windows ME - Microsoft Windows Server 2003 - Microsoft Windows XP - Microsoft Windows 98Se - Microsoft Windows NT 4.0	12

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References