Executive Summary

Informations
NameCVE-2003-1048First vendor Publication2004-07-27
VendorCveLast vendor Modification2018-10-12

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1048

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:517
 
Oval ID: oval:org.mitre.oval:def:517
Title: IE v6.0,SP1 (Server 2003) Malformed GIF Image Double-free Vulnerability
Description: Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Family: windows Class: vulnerability
Reference(s): CVE-2003-1048
Version: 6
Platform(s): Microsoft Windows Server 2003
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:509
 
Oval ID: oval:org.mitre.oval:def:509
Title: IE v5.01,SP4 Malformed GIF Image Double-free Vulnerability
Description: Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Family: windows Class: vulnerability
Reference(s): CVE-2003-1048
Version: 5
Platform(s): Microsoft Windows 2000
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:236
 
Oval ID: oval:org.mitre.oval:def:236
Title: IE v6.0,SP1 Malformed GIF Image Double-free Vulnerability
Description: Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Family: windows Class: vulnerability
Reference(s): CVE-2003-1048
Version: 5
Platform(s): Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:212
 
Oval ID: oval:org.mitre.oval:def:212
Title: IE v5.01,SP3 Malformed GIF Image Double-free Vulnerability
Description: Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Family: windows Class: vulnerability
Reference(s): CVE-2003-1048
Version: 4
Platform(s): Microsoft Windows 2000
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:2100
 
Oval ID: oval:org.mitre.oval:def:2100
Title: IE v5.5,SP2 Malformed GIF Image Double-free Vulnerability
Description: Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Family: windows Class: vulnerability
Reference(s): CVE-2003-1048
Version: 3
Platform(s): Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:206
 
Oval ID: oval:org.mitre.oval:def:206
Title: IE v5.01,SP2 Malformed GIF Image Double-free Vulnerability
Description: Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Family: windows Class: vulnerability
Reference(s): CVE-2003-1048
Version: 4
Platform(s): Microsoft Windows 2000
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1793
 
Oval ID: oval:org.mitre.oval:def:1793
Title: IE v6.0 Malformed GIF Image Double-free Vulnerability
Description: Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Family: windows Class: vulnerability
Reference(s): CVE-2003-1048
Version: 4
Platform(s): Microsoft Windows XP
Product(s): Microsoft Internet Explorer
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application8
Application7

OpenVAS Exploits

DateDescription
2005-11-03Name : IE 5.01 5.5 6.0 Cumulative patch (890923)
File : nvt/smb_nt_ms02-005.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
8277Microsoft IE Malformed GIF Double-free DoS

Snort® IPS/IDS

DateDescription
2014-01-10ADODB.Stream ActiveX CLSID unicode access
RuleID : 8062 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10Microsoft Internet Explorer Adodb.Stream ActiveX Object Access CreateObject F...
RuleID : 4983 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10Microsoft Internet Explorer Adodb.Stream ActiveX object access
RuleID : 4982 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10Microsoft Internet Explorer bitmap BitmapOffset multipacket integer overflow ...
RuleID : 3685 - Revision : 14 - Type : BROWSER-IE
2014-01-16Microsoft Internet Explorer malformed GIF double-free remote code execution a...
RuleID : 28975 - Revision : 2 - Type : BROWSER-IE
2014-01-16Microsoft Internet Explorer malformed GIF double-free remote code execution a...
RuleID : 28974 - Revision : 3 - Type : BROWSER-IE
2014-01-16Microsoft Internet Explorer malformed GIF double-free remote code execution a...
RuleID : 28973 - Revision : 2 - Type : BROWSER-IE
2014-01-16Microsoft Internet Explorer malformed GIF double-free remote code execution a...
RuleID : 28972 - Revision : 3 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt
RuleID : 2671-community - Revision : 18 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt
RuleID : 2671 - Revision : 18 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt
RuleID : 25853 - Revision : 2 - Type : BROWSER-IE

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/8530
CERT http://www.us-cert.gov/cas/techalerts/TA04-212A.html
CERT-VN http://www.kb.cert.org/vuls/id/685364
CIAC http://www.ciac.org/ciac/bulletins/o-191.shtml
FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04...
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/16804

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
DateInformations
2018-10-13 00:22:28
  • Multiple Updates
2017-10-11 09:23:19
  • Multiple Updates
2017-07-11 12:01:19
  • Multiple Updates
2016-04-26 12:39:41
  • Multiple Updates
2014-01-19 21:22:03
  • Multiple Updates
2013-05-11 11:53:31
  • Multiple Updates