{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20050119 MSN Heartbeat Control Buffer Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110616221411579&w=2"}, {"name": "VU#673134", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/673134"}, {"name": "MS04-038", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"}, {"name": "heartbeat-activex(17714)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17714"}, {"name": "11367", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11367"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ngssoftware.com/advisories/heartbeatfull.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0978", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20050119 MSN Heartbeat Control Buffer Overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110616221411579&w=2"}, {"name": "VU#673134", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/673134"}, {"name": "MS04-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"}, {"name": "heartbeat-activex(17714)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17714"}, {"name": "11367", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11367"}, {"name": "http://www.ngssoftware.com/advisories/heartbeatfull.txt", "refsource": "MISC", "url": "http://www.ngssoftware.com/advisories/heartbeatfull.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0978", "datePublished": "2004-10-21T04:00:00", "dateReserved": "2004-10-20T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "530FC172-94E1-481A-9810-26061D22B6AC", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E44D629-D3EB-4F67-BF67-B25910453562", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*", "matchCriteriaId": "0C69B5E6-D1AF-46F1-8AE6-DD5D4E3D9160", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3527F41-A6ED-437D-9833-458A2C60C2A3", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E3C43D05-40F8-4769-BA6B-A376420EA972", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:-:*:*:*:*:x64:*", "matchCriteriaId": "B05F3F57-3678-46E2-9963-7B986C2AEFAF", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "2572F7E5-75A3-4C11-866B-A4E9ADBD8D08", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "530FC172-94E1-481A-9810-26061D22B6AC", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2354216-8103-49F9-A95C-7DE4F738BBEE", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E44D629-D3EB-4F67-BF67-B25910453562", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:*:*", "matchCriteriaId": "5CEEF2F5-BE40-435C-865B-2D5DDF7C9F5E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*", "matchCriteriaId": "14F55877-A759-4C8A-84D5-70508E449799", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "2572F7E5-75A3-4C11-866B-A4E9ADBD8D08", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter."}], "id": "CVE-2004-0978", "lastModified": "2020-12-09T18:35:02.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-02-09T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=110616221411579&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/673134"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.ngssoftware.com/advisories/heartbeatfull.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/11367"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17714"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}