CVE-2004-0842

Published: Dec 23, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."

Affected (16)

Products: Avaya: Definity One Media Server, Ip600 Media Servers, S3400, S8100, Modular Messaging Message Storage Server · Microsoft: Ie, Internet Explorer

5 products

Definity One Media Server

Ip600 Media Servers

Modular Messaging Message Storage Server

2 products

Internet Explorer

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Avaya Definity One Media Server	All versions
Avaya Ip600 Media Servers	All versions
Avaya S3400	All versions
Avaya S8100	All versions
Microsoft Ie	Version 6.0 sp1
Microsoft Internet Explorer	Version 5.0.1
Microsoft Internet Explorer	Version 5.0.1 sp1
Microsoft Internet Explorer	Version 5.0.1 sp2
Microsoft Internet Explorer	Version 5.0.1 sp3
Microsoft Internet Explorer	Version 5.0.1 sp4
Microsoft Internet Explorer	Version 5.5
Microsoft Internet Explorer	Version 5.5 sp1
Microsoft Internet Explorer	Version 5.5 sp2
Microsoft Internet Explorer	Version 6.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Avaya Modular Messaging Message Storage Server	Version 1.1
Avaya Modular Messaging Message Storage Server	Version 2.0

References (34)

http://marc.info/?l=bugtraq&m=109107496214572&w=2

Source: cve@mitre.org

http://marc.info/?l=full-disclosure&m=109060455614702&w=2

Source: cve@mitre.org

http://marc.info/?l=full-disclosure&m=109102919426844&w=2

Source: cve@mitre.org

http://secunia.com/advisories/12806

Source: cve@mitre.org

http://www.ciac.org/ciac/bulletins/p-006.shtml

Source: cve@mitre.org

http://www.ecqurity.com/adv/IEstyle.html

Source: cve@mitre.org

ExploitVendor Advisory

http://www.kb.cert.org/vuls/id/291304

Source: cve@mitre.org

US Government Resource

http://www.securiteam.com/exploits/5NP042KF5A.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/10816

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.us-cert.gov/cas/techalerts/TA04-293A.html

Source: cve@mitre.org

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/16675

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=109107496214572&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=full-disclosure&m=109060455614702&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=full-disclosure&m=109102919426844&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/12806

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ciac.org/ciac/bulletins/p-006.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ecqurity.com/adv/IEstyle.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.kb.cert.org/vuls/id/291304

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securiteam.com/exploits/5NP042KF5A.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/10816

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.us-cert.gov/cas/techalerts/TA04-293A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/16675

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.