CVE-2004-0978

Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:-:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

History

No history.

Information

Published : 2005-02-09 05:00

Updated : 2024-02-28 10:42


NVD link : CVE-2004-0978

Mitre link : CVE-2004-0978

CVE.ORG link : CVE-2004-0978


JSON object : View

Products Affected

microsoft

  • windows_me
  • windows_nt
  • windows_xp
  • windows_98se
  • windows_2000
  • windows_server_2003
  • internet_explorer
CWE
CWE-787

Out-of-bounds Write