CVE-2004-0903

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://bugzilla.mozilla.org/show_bug.cgi?id=257314	Vendor Advisory
http://marc.info/?l=bugtraq&m=109698896104418&w=2
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://security.gentoo.org/glsa/glsa-200409-26.xml
http://www.kb.cert.org/vuls/id/414240	Third Party Advisory US Government Resource
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.securityfocus.com/bid/11174	Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-261A.html	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873
http://bugzilla.mozilla.org/show_bug.cgi?id=257314	Vendor Advisory
http://marc.info/?l=bugtraq&m=109698896104418&w=2
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://security.gentoo.org/glsa/glsa-200409-26.xml
http://www.kb.cert.org/vuls/id/414240	Third Party Advisory US Government Resource
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.securityfocus.com/bid/11174	Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-261A.html	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
	cpe:2.3:o:conectiva:linux:9.0:::::::*
	cpe:2.3:o:conectiva:linux:10.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_1.0:::::::*
	cpe:2.3:o:redhat:linux:7.3:::::::*
	cpe:2.3:o:redhat:linux:7.3::i386:::::
	cpe:2.3:o:redhat:linux:7.3::i686:::::
	cpe:2.3:o:redhat:linux:9.0::i386:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::
	cpe:2.3:o:suse:suse_linux:1.0::desktop:::::
	cpe:2.3:o:suse:suse_linux:8::enterprise_server:::::
	cpe:2.3:o:suse:suse_linux:8.1:::::::*
	cpe:2.3:o:suse:suse_linux:8.2:::::::*
	cpe:2.3:o:suse:suse_linux:9.0:::::::*
	cpe:2.3:o:suse:suse_linux:9.0::enterprise_server:::::
	cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
	cpe:2.3:o:suse:suse_linux:9.1:::::::*

History

20 Nov 2024, 23:49

Type	Values Removed	Values Added
References	~~() http://bugzilla.mozilla.org/show_bug.cgi?id=257314 - Vendor Advisory~~	() http://bugzilla.mozilla.org/show_bug.cgi?id=257314 - Vendor Advisory
References	~~() http://marc.info/?l=bugtraq&m=109698896104418&w=2 -~~	() http://marc.info/?l=bugtraq&m=109698896104418&w=2 -
References	~~() http://marc.info/?l=bugtraq&m=109900315219363&w=2 -~~	() http://marc.info/?l=bugtraq&m=109900315219363&w=2 -
References	~~() http://security.gentoo.org/glsa/glsa-200409-26.xml -~~	() http://security.gentoo.org/glsa/glsa-200409-26.xml -
References	~~() http://www.kb.cert.org/vuls/id/414240 - Third Party Advisory, US Government Resource~~	() http://www.kb.cert.org/vuls/id/414240 - Third Party Advisory, US Government Resource
References	~~() http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 -~~	() http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 -
References	~~() http://www.novell.com/linux/security/advisories/2004_36_mozilla.html -~~	() http://www.novell.com/linux/security/advisories/2004_36_mozilla.html -
References	~~() http://www.securityfocus.com/bid/11174 - Vendor Advisory~~	() http://www.securityfocus.com/bid/11174 - Vendor Advisory
References	~~() http://www.us-cert.gov/cas/techalerts/TA04-261A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA04-261A.html - US Government Resource
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/17380 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/17380 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873 -

Information

Published : 2005-01-27 05:00

Updated : 2024-11-20 23:49

NVD link : CVE-2004-0903

Mitre link : CVE-2004-0903

CVE.ORG link : CVE-2004-0903

JSON object : View

Products Affected

redhat

fedora_core
linux
enterprise_linux_desktop
enterprise_linux
linux_advanced_workstation

suse

suse_linux

mozilla

mozilla
thunderbird

conectiva

linux

CWE

NVD-CWE-Other

10.0 /10