QwikSec

Security Database

CVE

CWE

Training

CVE-2004-0842

Published: Sep 14, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20040728 Re: Crash IE with 11 bytes ;)

mailing-list

x_refsource_FULLDISC

oval:org.mitre.oval:def:4169

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_MS

http://www.securiteam.com/exploits/5NP042KF5A.html

x_refsource_MISC

third-party-advisory

x_refsource_CERT-VN

oval:org.mitre.oval:def:2906

vdb-entry

signature

x_refsource_OVAL

20040723 Crash IE with 11 bytes ;)

mailing-list

x_refsource_FULLDISC

http://www.ecqurity.com/adv/IEstyle.html

x_refsource_MISC

oval:org.mitre.oval:def:5592

vdb-entry

signature

x_refsource_OVAL

ie-popupshow-perform-actions(16675)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_CERT

20040728 Re: Crash IE with 11 bytes ;)

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

government-resource

x_refsource_CIAC

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:6579

vdb-entry

signature

x_refsource_OVAL

oval:org.mitre.oval:def:3372

vdb-entry

signature

x_refsource_OVAL

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.