Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0903

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0903
Last Modified 21 Aug 2010 12:21:27
Published 27 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0903

Summary

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

Vulnerable Systems

Operating System

  • Conectiva Linux 10.0

  • Conectiva Linux 9.0

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Fedora Core Core 1.0

  • Redhat Linux 7.3

  • Redhat Linux 9.0

  • Redhat Linux Advanced Workstation 2.1

  • Suse Linux 1.0

  • Suse Linux 8

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

Application

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla Thunderbird 0.7

  • Mozilla Thunderbird 0.7.1

  • Mozilla Thunderbird 0.7.2

  • Mozilla Thunderbird 0.7.3


References

CERT - TA04-261A

CERT-VN - VU#414240

XF - mozilla-netscape-nsvcardobj-bo(17380)

BID - 11174

SUSE - SUSE-SA:2004:036

CONFIRM - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

GENTOO - GLSA-200409-26

FEDORA - FLSA:2089

HP - SSRT4826

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=257314


Last Updated: 27 May 2016 10:38:48