Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1091

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1091
Last Modified 05 Sep 2008 04:29:45
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1091

Summary

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

Vulnerable Systems

Application

  • Mozilla 0.9.5

  • Mozilla 0.9.6

  • Mozilla 0.9.7

  • Mozilla 0.9.8

  • Mozilla 0.9.9

  • Mozilla 1.0

  • Netscape Navigator 6.2

  • Netscape Navigator 6.2.1

  • Netscape Navigator 6.2.2

  • Netscape Navigator 6.2.3

  • Opera Software Opera Web Browser 5.12

  • Opera Software Opera Web Browser 6.0

  • Opera Software Opera Web Browser 6.0.1


References

BID - 5665

REDHAT - RHSA-2002:192

XF - netscape-zero-gif-bo(10058)

BUGTRAQ - 20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs

MISC - http://crash.ihug.co.nz/~Sneuro/zerogif/

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=157989

REDHAT - RHSA-2003:046

MANDRAKE - MDKSA-2002:075


Last Updated: 27 May 2016 10:37:11