Vulnerability Details : CVE-2004-0978
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
Vulnerability category: OverflowMemory CorruptionExecute code
Products affected by CVE-2004-0978
- cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0978
26.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0978
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2004-0978
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-0978
-
http://www.securityfocus.com/bid/11367
Third Party Advisory;VDB Entry
-
http://www.ngssoftware.com/advisories/heartbeatfull.txt
Broken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17714
Third Party Advisory;VDB Entry
-
http://www.kb.cert.org/vuls/id/673134
Third Party Advisory;US Government Resource
-
http://marc.info/?l=bugtraq&m=110616221411579&w=2
Issue Tracking;Third Party Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038
Patch;Vendor Advisory
Jump to