Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0469

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0469
Last Modified 10 Sep 2008 03:19:05
Published 07 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0469

Summary

Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp


References

CERT-VN - VU#823260

CERT - CA-2003-14

MS - MS03-023

BUGTRAQ - 20030622 Internet Explorer >=5.0 : Buffer overflow

FULLDISC - 20030625 Re: Internet Explorer >=5.0 : Buffer overflow

FULLDISC - 20030701 PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case).

BID - 8016


Last Updated: 27 May 2016 10:37:56