Executive Summary
Informations | |||
---|---|---|---|
Name | MS04-025 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cumulative Security Update for Internet Explorer (867801) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-415 | Double Free |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1133 | |||
Oval ID: | oval:org.mitre.oval:def:1133 | ||
Title: | Scob and Toofer Internet Explorer v6.0,SP1 Vulnerabilities | ||
Description: | The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0549 | Version: | 5 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1793 | |||
Oval ID: | oval:org.mitre.oval:def:1793 | ||
Title: | IE v6.0 Malformed GIF Image Double-free Vulnerability | ||
Description: | Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1048 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:206 | |||
Oval ID: | oval:org.mitre.oval:def:206 | ||
Title: | IE v5.01,SP2 Malformed GIF Image Double-free Vulnerability | ||
Description: | Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1048 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:207 | |||
Oval ID: | oval:org.mitre.oval:def:207 | ||
Title: | Scob and Toofer Internet Explorer v6.0,SP1 for Server 2003 Vulnerabilities | ||
Description: | The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0549 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2100 | |||
Oval ID: | oval:org.mitre.oval:def:2100 | ||
Title: | IE v5.5,SP2 Malformed GIF Image Double-free Vulnerability | ||
Description: | Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1048 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:212 | |||
Oval ID: | oval:org.mitre.oval:def:212 | ||
Title: | IE v5.01,SP3 Malformed GIF Image Double-free Vulnerability | ||
Description: | Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1048 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:216 | |||
Oval ID: | oval:org.mitre.oval:def:216 | ||
Title: | IE v5.01,SP4 Bitmap Integer Overflow Vulnerability | ||
Description: | Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0566 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:236 | |||
Oval ID: | oval:org.mitre.oval:def:236 | ||
Title: | IE v6.0,SP1 Malformed GIF Image Double-free Vulnerability | ||
Description: | Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1048 | Version: | 5 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:241 | |||
Oval ID: | oval:org.mitre.oval:def:241 | ||
Title: | Scob and Toofer Internet Explorer v5.5,SP2 Vulnerabilities | ||
Description: | The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0549 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:306 | |||
Oval ID: | oval:org.mitre.oval:def:306 | ||
Title: | IE v5.01,SP3 Bitmap Integer Overflow Vulnerability | ||
Description: | Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0566 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:322 | |||
Oval ID: | oval:org.mitre.oval:def:322 | ||
Title: | IE v5.5,SP2 Bitmap Integer Overflow Vulnerability | ||
Description: | Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0566 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:507 | |||
Oval ID: | oval:org.mitre.oval:def:507 | ||
Title: | IE v6.0 Bitmap Integer Overflow Vulnerability | ||
Description: | Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0566 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:509 | |||
Oval ID: | oval:org.mitre.oval:def:509 | ||
Title: | IE v5.01,SP4 Malformed GIF Image Double-free Vulnerability | ||
Description: | Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1048 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:515 | |||
Oval ID: | oval:org.mitre.oval:def:515 | ||
Title: | IE v5.01,SP2 Bitmap Integer Overflow Vulnerability | ||
Description: | Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0566 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:517 | |||
Oval ID: | oval:org.mitre.oval:def:517 | ||
Title: | IE v6.0,SP1 (Server 2003) Malformed GIF Image Double-free Vulnerability | ||
Description: | Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1048 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:519 | |||
Oval ID: | oval:org.mitre.oval:def:519 | ||
Title: | Scob and Toofer Internet Explorer v6.0 Vulnerabilities | ||
Description: | The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0549 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
8277 | Microsoft IE Malformed GIF Double-free DoS Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered by a double-free when a malformed GIF image is processed by mshtml.dll, and will result in loss of availability for the program. |
8276 | Microsoft IE Malformed BMP Overflow A local integer overflow exists in Internet Explorer. imgbmp.cxx fails to validate image data in files with a large bfOffBits value resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
8275 | Microsoft IE Navigation Cross Domain Execution (InsiderPrototype) Internet Explorer contains a flaw that may allow a malicious web site operator to execute arbitrary code on a client PC. The issue is triggered when an attacker exploits a flaw in the IE cross-domain security model by using the showModalDialog method to modify the location to execute code. This can be done via delayed HTTP redirect operations and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or modifying the location attribute of the window. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
6963 | Microsoft IE Address Bar Spoofing |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer ADODB.Stream ActiveX function call access RuleID : 8063 - Revision : 19 - Type : BROWSER-PLUGINS |
2014-01-10 | ADODB.Stream ActiveX CLSID unicode access RuleID : 8062 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer Adodb.Stream ActiveX Object Access CreateObject F... RuleID : 4983 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer Adodb.Stream ActiveX object access RuleID : 4982 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer bitmap BitmapOffset multipacket integer overflow ... RuleID : 3685 - Revision : 14 - Type : BROWSER-IE |
2014-01-16 | Microsoft Internet Explorer malformed GIF double-free remote code execution a... RuleID : 28975 - Revision : 2 - Type : BROWSER-IE |
2014-01-16 | Microsoft Internet Explorer malformed GIF double-free remote code execution a... RuleID : 28974 - Revision : 3 - Type : BROWSER-IE |
2014-01-16 | Microsoft Internet Explorer malformed GIF double-free remote code execution a... RuleID : 28973 - Revision : 2 - Type : BROWSER-IE |
2014-01-16 | Microsoft Internet Explorer malformed GIF double-free remote code execution a... RuleID : 28972 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt RuleID : 2671-community - Revision : 18 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt RuleID : 2671 - Revision : 18 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt RuleID : 25853 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | local resource redirection attempt RuleID : 2577-community - Revision : 10 - Type : FILE-OTHER |
2014-01-10 | local resource redirection attempt RuleID : 2577 - Revision : 10 - Type : FILE-OTHER |
Alert History
Date | Informations |
---|---|
2020-08-06 21:22:59 |
|
2014-01-19 21:29:52 |
|