VDB
CVE-2004-0842
CVE-2004-0842
PUBLISHED
CVSS 7.5 HIGH
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
EPSS 79.47% · 99.1th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
79.47%
99.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| avaya | modular_messaging_message_storage_server | 2.0, 1.1 |
| avaya | definity_one_media_server | |
| avaya | s8100 | |
| microsoft | internet_explorer | 5.0.1, 6.0, 5.0.1 |
| microsoft | ie | 6.0 |
| avaya | ip600_media_servers | |
| avaya | s3400 |
Timeline
- Sep 14, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- 20040728 Re: Crash IE with 11 bytes ;) mailing-list
- oval:org.mitre.oval:def:4169 vdb
- MS04-038 vendor-advisory
- http://www.securiteam.com/exploits/5NP042KF5A.html url
- VU#291304 third-party-advisory
- oval:org.mitre.oval:def:2906 vdb
- 20040723 Crash IE with 11 bytes ;) mailing-list
- http://www.ecqurity.com/adv/IEstyle.html url
- oval:org.mitre.oval:def:5592 vdb
- ie-popupshow-perform-actions(16675) vdb
- TA04-293A third-party-advisory
- 20040728 Re: Crash IE with 11 bytes ;) mailing-list
- 12806 third-party-advisory
- P-006 third-party-advisory
- 10816 vdb
- oval:org.mitre.oval:def:6579 vdb
- oval:org.mitre.oval:def:3372 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2004-0842 advisory