Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2434Use of Externally-Controlled Format String in Microsoft IE

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
8.6%
top 7.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft IE
Timeline
PublishedDec 31
Latest updateApr 29

Description

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-mvm2-v72c-76wc: Microsoft Internet Explorer 62022-04-29
CVEList
CVE-2004-2434: Microsoft Internet Explorer 62005-08-18

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - 'mshtml.dll' Remote Null Pointer Crash2004-08-04
CVE-2004-2434 — Microsoft IE vulnerability | cvebase