CVE-2002-1185Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
29.2%
top 3.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedDec 11
Latest updateApr 30

Description

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer5.0.1, 5.5, 6.0+2
NVDmicrosoft/ie6.0

Patches

Patch: www.iss.netPatch: www.iss.net

🔴Vulnerability Details

2
GHSA
GHSA-22c7-cppf-fmqm: Internet Explorer 52022-04-30
CVEList
CVE-2002-1185: Internet Explorer 52004-09-01
CVE-2002-1185 — Microsoft vulnerability | cvebase