Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Microsoft
  • Windows Me
  • Windows 98se
  • Windows 98
  • Windows Server 2003
  • Outlook
  • Internet Explorer
  • Windows Nt
  • Windows Xp

Configuration 1 [-]

OR cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2000:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2000:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:workstation:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html Broken Link
http://www.ciac.org/ciac/bulletins/o-191.shtml Broken Link
http://www.kb.cert.org/vuls/id/685364 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/8530 Broken Link Third Party Advisory VDB Entry Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-212A.html Broken Link Third Party Advisory US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16804 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517 Broken Link
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-07-21T04:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2004-07-20T00:00:00

Link: CVE-2003-1048

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2004-07-27T04:00:00.000

Modified: 2024-02-02T15:23:21.837

Link: CVE-2003-1048

JSON object: View

cve-icon Redhat Information

No data.

CWE