CVE-2004-0842 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2004-0842
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0842

Description: Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/16675 SAID Secunia Advisory: SA12806 OVAL http://oval.mitre.org/oval/definitions/data/oval6579.html http://oval.mitre.org/oval/definitions/data/oval5592.html http://oval.mitre.org/oval/definitions/data/oval4169.html http://oval.mitre.org/oval/definitions/data/oval3372.html http://oval.mitre.org/oval/definitions/data/oval2906.html MS http://www.microsoft.com/technet/security/bulletin/ms04-038.asp MISC http://www.ecqurity.com/adv/IEstyle.html http://www.securiteam.com/exploits/5NP042KF5A.html FULLDISC http://marc.theaimsgroup.com/?l=full-disclosure&m=109102919426844&w=2 http://marc.theaimsgroup.com/?l=full-disclosure&m=109060455614702&w=2 CIAC http://www.ciac.org/ciac/bulletins/p-006.shtml CERT-VN 291304 CERT http://www.us-cert.gov/cas/techalerts/TA04-293A.html BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=109107496214572&w=2 BID 10816

Return to the previous page.