CVE-2004-0978 — Out-of-bounds Write in Microsoft Internet Explorer

CWE-787 — Out-of-bounds Write2 documents2 sources

Severity

10.0CRITICALNVD

EPSS

42.2%

top 2.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedFeb 9

Latest updateApr 29

Description

Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer5.01, 5.5, 6+2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-h49w-j46g-48x6: Heap-based buffer overflow in the Hrtbeat↗2022-04-29

▶