Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=110616221411579&w=2 | Issue Tracking Third Party Advisory |
http://www.kb.cert.org/vuls/id/673134 | Third Party Advisory US Government Resource |
http://www.ngssoftware.com/advisories/heartbeatfull.txt | Broken Link |
http://www.securityfocus.com/bid/11367 | Third Party Advisory VDB Entry |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17714 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
No history.
Information
Published : 2005-02-09 05:00
Updated : 2024-02-28 10:42
NVD link : CVE-2004-0978
Mitre link : CVE-2004-0978
CVE.ORG link : CVE-2004-0978
JSON object : View
Products Affected
microsoft
- windows_me
- windows_nt
- windows_xp
- windows_98se
- windows_2000
- windows_server_2003
- internet_explorer
CWE
CWE-787
Out-of-bounds Write