CVE-2003-1048

CWE-415 CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

33.2%

top 3.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer Microsoft Outlook Microsoft Windows NT

Timeline

PublishedJul 27

Latest updateApr 29

Description

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/internet_explorer5.01, 5.5, 6.0+2

▶NVDmicrosoft/outlook2000

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-9c7h-3j4x-5hw6: Double free vulnerability in mshtml↗2022-04-29

▶

CVEList

CVE-2003-1048: Double free vulnerability in mshtml↗2004-07-21

▶