Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1185


Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1185
Last Modified 10 Sep 2008 03:14:01
Published 11 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

Vulnerable Systems


  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


MS - MS02-066

XF - ie-png-bo(10662)

BID - 6216

EEYE - AD20021211

BUGTRAQ - 20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability

VULNWATCH - 20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability

Last Updated: 27 May 2016 10:37:14