Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0978

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0978
Last Modified 20 Oct 2005 12:00:00
Published 09 Feb 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0978

Summary

Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.

Vulnerable Systems


References

CERT-VN - VU#673134

XF - heartbeat-activex(17714)

BID - 11367

MISC - http://www.ngssoftware.com/advisories/heartbeatfull.txt

MS - MS04-038

BUGTRAQ - 20050119 MSN Heartbeat Control Buffer Overflow


Last Updated: 27 May 2016 10:38:50