Search
Find a vulnerability
Search criteria
12 vulnerabilities found for s3400 by avaya
CVE-2007-2374 (GCVE-0-2007-2374)
Vulnerability from nvd – Published: 2007-04-30 23:00 – Updated: 2024-08-07 13:33
VLAI
Summary
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://osvdb.org/35637 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://research.eeye.com/html/advisories/upcoming… | x_refsource_MISC |
| http://www.securityfocus.com/bid/23332 | vdb-entryx_refsource_BID |
Date Public
2007-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35637",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35637"
},
{
"name": "win-unspecified-code-execution(34444)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
},
{
"name": "23332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35637",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35637"
},
{
"name": "win-unspecified-code-execution(34444)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
},
{
"name": "23332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35637",
"refsource": "OSVDB",
"url": "http://osvdb.org/35637"
},
{
"name": "win-unspecified-code-execution(34444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
},
{
"name": "http://research.eeye.com/html/advisories/upcoming/20070327.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
},
{
"name": "23332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2374",
"datePublished": "2007-04-30T23:00:00.000Z",
"dateReserved": "2007-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:28.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1765 (GCVE-0-2007-1765)
Vulnerability from nvd – Published: 2007-03-30 00:00 – Updated: 2024-08-07 13:06
VLAI
Summary
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/464287/100… | mailing-listx_refsource_BUGTRAQ |
| http://research.eeye.com/html/alerts/zeroday/2007… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/464345/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2007/1151 | vdb-entryx_refsource_VUPEN |
| http://vil.nai.com/vil/content/v_141860.htm | x_refsource_MISC |
| http://www.avertlabs.com/research/blog/?p=230 | x_refsource_MISC |
| http://www.securityfocus.com/bid/23194 | vdb-entryx_refsource_BID |
| http://www.microsoft.com/technet/security/advisor… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1017827 | vdb-entryx_refsource_SECTRACK |
| http://www.avertlabs.com/research/blog/?p=233 | x_refsource_MISC |
| http://asert.arbornetworks.com/2007/03/any-ani-fi… | x_refsource_MISC |
Date Public
2007-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070330 ANI Zeroday, Third Party Patch",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"name": "20070331 Windows .ANI Stack Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"name": "ADV-2007-1151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"name": "23194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"name": "1017827",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017827"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070330 ANI Zeroday, Third Party Patch",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"name": "20070331 Windows .ANI Stack Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"name": "ADV-2007-1151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"name": "23194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"name": "1017827",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017827"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070330 ANI Zeroday, Third Party Patch",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"name": "http://research.eeye.com/html/alerts/zeroday/20070328.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"name": "20070331 Windows .ANI Stack Overflow Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"name": "ADV-2007-1151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"name": "http://vil.nai.com/vil/content/v_141860.htm",
"refsource": "MISC",
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"name": "http://www.avertlabs.com/research/blog/?p=230",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"name": "23194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23194"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/935423.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"name": "1017827",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017827"
},
{
"name": "http://www.avertlabs.com/research/blog/?p=233",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"name": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/",
"refsource": "MISC",
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1765",
"datePublished": "2007-03-30T00:00:00.000Z",
"dateReserved": "2007-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:06:26.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1050 (GCVE-0-2004-1050)
Vulnerability from nvd – Published: 2004-11-18 05:00 – Updated: 2024-08-08 00:38
VLAI
Summary
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/842160 | third-party-advisoryx_refsource_CERT-VN |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://marc.info/?l=bugtraq&m=109942758911846&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/11515 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://www.us-cert.gov/cas/techalerts/TA04-315A.html | third-party-advisoryx_refsource_CERT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/12959/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/379261 | mailing-listx_refsource_BUGTRAQ |
| http://www.us-cert.gov/cas/techalerts/TA04-336A.html | third-party-advisoryx_refsource_CERT |
Date Public
2004-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#842160",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"name": "20041023 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"name": "MS04-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"name": "11515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11515"
},
{
"name": "oval:org.mitre.oval:def:1294",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
},
{
"name": "20041025 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"name": "TA04-315A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"name": "ie-iframe-src-name-bo(17889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"name": "12959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12959/"
},
{
"name": "20041024 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"name": "TA04-336A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#842160",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"name": "20041023 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"name": "MS04-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"name": "11515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11515"
},
{
"name": "oval:org.mitre.oval:def:1294",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
},
{
"name": "20041025 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"name": "TA04-315A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"name": "ie-iframe-src-name-bo(17889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"name": "12959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12959/"
},
{
"name": "20041024 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"name": "TA04-336A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#842160",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"name": "20041023 python does mangleme (with IE bugs!)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"name": "MS04-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"name": "11515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11515"
},
{
"name": "oval:org.mitre.oval:def:1294",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
},
{
"name": "20041025 python does mangleme (with IE bugs!)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"name": "TA04-315A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"name": "ie-iframe-src-name-bo(17889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"name": "12959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12959/"
},
{
"name": "20041024 python does mangleme (with IE bugs!)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"name": "TA04-336A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1050",
"datePublished": "2004-11-18T05:00:00.000Z",
"dateReserved": "2004-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:38:59.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0841 (GCVE-0-2004-0841)
Vulnerability from nvd – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
VLAI
Summary
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2004-07-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#413886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "1010679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010679"
},
{
"name": "oval:org.mitre.oval:def:2611",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:8077",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
},
{
"name": "12048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12048"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4363",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"name": "10690",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10690"
},
{
"name": "7774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7774"
},
{
"name": "oval:org.mitre.oval:def:5620",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"name": "oval:org.mitre.oval:def:6031",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"name": "20040711 HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"name": "oval:org.mitre.oval:def:6048",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"name": "20040712 Re: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#413886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "1010679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010679"
},
{
"name": "oval:org.mitre.oval:def:2611",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:8077",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
},
{
"name": "12048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12048"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4363",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"name": "10690",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10690"
},
{
"name": "7774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7774"
},
{
"name": "oval:org.mitre.oval:def:5620",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"name": "oval:org.mitre.oval:def:6031",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"name": "20040711 HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"name": "oval:org.mitre.oval:def:6048",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"name": "20040712 Re: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#413886",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "1010679",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010679"
},
{
"name": "oval:org.mitre.oval:def:2611",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:8077",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
},
{
"name": "12048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12048"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4363",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"name": "10690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10690"
},
{
"name": "7774",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7774"
},
{
"name": "oval:org.mitre.oval:def:5620",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"name": "oval:org.mitre.oval:def:6031",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"name": "20040711 HijackClick 3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"name": "oval:org.mitre.oval:def:6048",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"name": "20040712 Re: HijackClick 3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0841",
"datePublished": "2004-09-14T04:00:00.000Z",
"dateReserved": "2004-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:31:47.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0842 (GCVE-0-2004-0842)
Vulnerability from nvd – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
VLAI
Summary
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2004-07-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"name": "VU#291304",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"name": "oval:org.mitre.oval:def:2906",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"name": "20040723 Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"name": "oval:org.mitre.oval:def:5592",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"name": "12806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12806"
},
{
"name": "P-006",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"name": "10816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10816"
},
{
"name": "oval:org.mitre.oval:def:6579",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
},
{
"name": "oval:org.mitre.oval:def:3372",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"name": "VU#291304",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"name": "oval:org.mitre.oval:def:2906",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"name": "20040723 Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"name": "oval:org.mitre.oval:def:5592",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"name": "12806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12806"
},
{
"name": "P-006",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"name": "10816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10816"
},
{
"name": "oval:org.mitre.oval:def:6579",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
},
{
"name": "oval:org.mitre.oval:def:3372",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4169",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "http://www.securiteam.com/exploits/5NP042KF5A.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"name": "VU#291304",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"name": "oval:org.mitre.oval:def:2906",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"name": "20040723 Crash IE with 11 bytes ;)",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"name": "http://www.ecqurity.com/adv/IEstyle.html",
"refsource": "MISC",
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"name": "oval:org.mitre.oval:def:5592",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"name": "12806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12806"
},
{
"name": "P-006",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"name": "10816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10816"
},
{
"name": "oval:org.mitre.oval:def:6579",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
},
{
"name": "oval:org.mitre.oval:def:3372",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0842",
"datePublished": "2004-09-14T04:00:00.000Z",
"dateReserved": "2004-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:31:47.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0839 (GCVE-0-2004-0839)
Vulnerability from nvd – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
VLAI
Summary
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2004-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
},
{
"name": "10973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10973"
},
{
"name": "20040824 What A Drag! -revisited-",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:6272",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"name": "oval:org.mitre.oval:def:2073",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4152",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"name": "oval:org.mitre.oval:def:3773",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"name": "VU#526089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"name": "ie-dragdrop-code-execution(17044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"name": "oval:org.mitre.oval:def:1563",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
},
{
"name": "10973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10973"
},
{
"name": "20040824 What A Drag! -revisited-",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:6272",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"name": "oval:org.mitre.oval:def:2073",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4152",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"name": "oval:org.mitre.oval:def:3773",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"name": "VU#526089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"name": "ie-dragdrop-code-execution(17044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"name": "oval:org.mitre.oval:def:1563",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7721",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
},
{
"name": "10973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10973"
},
{
"name": "20040824 What A Drag! -revisited-",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:6272",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"name": "20040818 What A Drag II XP SP2",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"name": "oval:org.mitre.oval:def:2073",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"name": "20040818 What A Drag II XP SP2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4152",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"name": "oval:org.mitre.oval:def:3773",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"name": "VU#526089",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"name": "ie-dragdrop-code-execution(17044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"name": "oval:org.mitre.oval:def:1563",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0839",
"datePublished": "2004-09-14T04:00:00.000Z",
"dateReserved": "2004-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:31:47.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2374 (GCVE-0-2007-2374)
Vulnerability from cvelistv5 – Published: 2007-04-30 23:00 – Updated: 2024-08-07 13:33
VLAI
Summary
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://osvdb.org/35637 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://research.eeye.com/html/advisories/upcoming… | x_refsource_MISC |
| http://www.securityfocus.com/bid/23332 | vdb-entryx_refsource_BID |
Date Public
2007-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35637",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35637"
},
{
"name": "win-unspecified-code-execution(34444)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
},
{
"name": "23332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35637",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35637"
},
{
"name": "win-unspecified-code-execution(34444)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
},
{
"name": "23332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35637",
"refsource": "OSVDB",
"url": "http://osvdb.org/35637"
},
{
"name": "win-unspecified-code-execution(34444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34444"
},
{
"name": "http://research.eeye.com/html/advisories/upcoming/20070327.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/upcoming/20070327.html"
},
{
"name": "23332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2374",
"datePublished": "2007-04-30T23:00:00.000Z",
"dateReserved": "2007-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:28.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1765 (GCVE-0-2007-1765)
Vulnerability from cvelistv5 – Published: 2007-03-30 00:00 – Updated: 2024-08-07 13:06
VLAI
Summary
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/464287/100… | mailing-listx_refsource_BUGTRAQ |
| http://research.eeye.com/html/alerts/zeroday/2007… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/464345/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2007/1151 | vdb-entryx_refsource_VUPEN |
| http://vil.nai.com/vil/content/v_141860.htm | x_refsource_MISC |
| http://www.avertlabs.com/research/blog/?p=230 | x_refsource_MISC |
| http://www.securityfocus.com/bid/23194 | vdb-entryx_refsource_BID |
| http://www.microsoft.com/technet/security/advisor… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1017827 | vdb-entryx_refsource_SECTRACK |
| http://www.avertlabs.com/research/blog/?p=233 | x_refsource_MISC |
| http://asert.arbornetworks.com/2007/03/any-ani-fi… | x_refsource_MISC |
Date Public
2007-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070330 ANI Zeroday, Third Party Patch",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"name": "20070331 Windows .ANI Stack Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"name": "ADV-2007-1151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"name": "23194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"name": "1017827",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017827"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070330 ANI Zeroday, Third Party Patch",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"name": "20070331 Windows .ANI Stack Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"name": "ADV-2007-1151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"name": "23194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"name": "1017827",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017827"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070330 ANI Zeroday, Third Party Patch",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"name": "http://research.eeye.com/html/alerts/zeroday/20070328.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"name": "20070331 Windows .ANI Stack Overflow Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"name": "ADV-2007-1151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"name": "http://vil.nai.com/vil/content/v_141860.htm",
"refsource": "MISC",
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"name": "http://www.avertlabs.com/research/blog/?p=230",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"name": "23194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23194"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/935423.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"name": "1017827",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017827"
},
{
"name": "http://www.avertlabs.com/research/blog/?p=233",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"name": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/",
"refsource": "MISC",
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1765",
"datePublished": "2007-03-30T00:00:00.000Z",
"dateReserved": "2007-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:06:26.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1050 (GCVE-0-2004-1050)
Vulnerability from cvelistv5 – Published: 2004-11-18 05:00 – Updated: 2024-08-08 00:38
VLAI
Summary
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/842160 | third-party-advisoryx_refsource_CERT-VN |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://marc.info/?l=bugtraq&m=109942758911846&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/11515 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://www.us-cert.gov/cas/techalerts/TA04-315A.html | third-party-advisoryx_refsource_CERT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/12959/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/379261 | mailing-listx_refsource_BUGTRAQ |
| http://www.us-cert.gov/cas/techalerts/TA04-336A.html | third-party-advisoryx_refsource_CERT |
Date Public
2004-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#842160",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"name": "20041023 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"name": "MS04-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"name": "11515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11515"
},
{
"name": "oval:org.mitre.oval:def:1294",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
},
{
"name": "20041025 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"name": "TA04-315A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"name": "ie-iframe-src-name-bo(17889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"name": "12959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12959/"
},
{
"name": "20041024 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"name": "TA04-336A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#842160",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"name": "20041023 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"name": "MS04-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"name": "11515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11515"
},
{
"name": "oval:org.mitre.oval:def:1294",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
},
{
"name": "20041025 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"name": "TA04-315A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"name": "ie-iframe-src-name-bo(17889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"name": "12959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12959/"
},
{
"name": "20041024 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"name": "TA04-336A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#842160",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"name": "20041023 python does mangleme (with IE bugs!)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"name": "MS04-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"name": "11515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11515"
},
{
"name": "oval:org.mitre.oval:def:1294",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
},
{
"name": "20041025 python does mangleme (with IE bugs!)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"name": "TA04-315A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"name": "ie-iframe-src-name-bo(17889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"name": "12959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12959/"
},
{
"name": "20041024 python does mangleme (with IE bugs!)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"name": "TA04-336A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1050",
"datePublished": "2004-11-18T05:00:00.000Z",
"dateReserved": "2004-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:38:59.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0841 (GCVE-0-2004-0841)
Vulnerability from cvelistv5 – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
VLAI
Summary
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2004-07-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#413886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "1010679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010679"
},
{
"name": "oval:org.mitre.oval:def:2611",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:8077",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
},
{
"name": "12048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12048"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4363",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"name": "10690",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10690"
},
{
"name": "7774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7774"
},
{
"name": "oval:org.mitre.oval:def:5620",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"name": "oval:org.mitre.oval:def:6031",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"name": "20040711 HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"name": "oval:org.mitre.oval:def:6048",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"name": "20040712 Re: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#413886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "1010679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010679"
},
{
"name": "oval:org.mitre.oval:def:2611",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:8077",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
},
{
"name": "12048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12048"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4363",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"name": "10690",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10690"
},
{
"name": "7774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7774"
},
{
"name": "oval:org.mitre.oval:def:5620",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"name": "oval:org.mitre.oval:def:6031",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"name": "20040711 HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"name": "oval:org.mitre.oval:def:6048",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"name": "20040712 Re: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#413886",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "1010679",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010679"
},
{
"name": "oval:org.mitre.oval:def:2611",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:8077",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
},
{
"name": "12048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12048"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4363",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"name": "10690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10690"
},
{
"name": "7774",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7774"
},
{
"name": "oval:org.mitre.oval:def:5620",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"name": "oval:org.mitre.oval:def:6031",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"name": "20040711 HijackClick 3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"name": "oval:org.mitre.oval:def:6048",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"name": "20040712 Re: HijackClick 3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0841",
"datePublished": "2004-09-14T04:00:00.000Z",
"dateReserved": "2004-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:31:47.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0839 (GCVE-0-2004-0839)
Vulnerability from cvelistv5 – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
VLAI
Summary
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2004-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
},
{
"name": "10973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10973"
},
{
"name": "20040824 What A Drag! -revisited-",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:6272",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"name": "oval:org.mitre.oval:def:2073",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4152",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"name": "oval:org.mitre.oval:def:3773",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"name": "VU#526089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"name": "ie-dragdrop-code-execution(17044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"name": "oval:org.mitre.oval:def:1563",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
},
{
"name": "10973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10973"
},
{
"name": "20040824 What A Drag! -revisited-",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:6272",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"name": "oval:org.mitre.oval:def:2073",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4152",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"name": "oval:org.mitre.oval:def:3773",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"name": "VU#526089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"name": "ie-dragdrop-code-execution(17044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"name": "oval:org.mitre.oval:def:1563",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7721",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
},
{
"name": "10973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10973"
},
{
"name": "20040824 What A Drag! -revisited-",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:6272",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"name": "20040818 What A Drag II XP SP2",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"name": "oval:org.mitre.oval:def:2073",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"name": "20040818 What A Drag II XP SP2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4152",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"name": "oval:org.mitre.oval:def:3773",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"name": "VU#526089",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"name": "ie-dragdrop-code-execution(17044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"name": "oval:org.mitre.oval:def:1563",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0839",
"datePublished": "2004-09-14T04:00:00.000Z",
"dateReserved": "2004-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:31:47.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0842 (GCVE-0-2004-0842)
Vulnerability from cvelistv5 – Published: 2004-09-14 04:00 – Updated: 2024-08-08 00:31
VLAI
Summary
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2004-07-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"name": "VU#291304",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"name": "oval:org.mitre.oval:def:2906",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"name": "20040723 Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"name": "oval:org.mitre.oval:def:5592",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"name": "12806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12806"
},
{
"name": "P-006",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"name": "10816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10816"
},
{
"name": "oval:org.mitre.oval:def:6579",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
},
{
"name": "oval:org.mitre.oval:def:3372",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"name": "VU#291304",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"name": "oval:org.mitre.oval:def:2906",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"name": "20040723 Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"name": "oval:org.mitre.oval:def:5592",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"name": "12806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12806"
},
{
"name": "P-006",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"name": "10816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10816"
},
{
"name": "oval:org.mitre.oval:def:6579",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
},
{
"name": "oval:org.mitre.oval:def:3372",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4169",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "http://www.securiteam.com/exploits/5NP042KF5A.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"name": "VU#291304",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"name": "oval:org.mitre.oval:def:2906",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"name": "20040723 Crash IE with 11 bytes ;)",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"name": "http://www.ecqurity.com/adv/IEstyle.html",
"refsource": "MISC",
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"name": "oval:org.mitre.oval:def:5592",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"name": "12806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12806"
},
{
"name": "P-006",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"name": "10816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10816"
},
{
"name": "oval:org.mitre.oval:def:6579",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
},
{
"name": "oval:org.mitre.oval:def:3372",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0842",
"datePublished": "2004-09-14T04:00:00.000Z",
"dateReserved": "2004-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:31:47.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}