| Vulnerability Name: | CVE-2004-0566 (CCN-15210) | ||||||||||||||||||||||||
| Assigned: | 2004-02-14 | ||||||||||||||||||||||||
| Published: | 2004-02-14 | ||||||||||||||||||||||||
| Updated: | 2021-07-23 | ||||||||||||||||||||||||
| Summary: | Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Sun Feb 15 2004 - 00:08:59 CST IE 5 remote code execution Source: FULLDISC Type: Exploit, Vendor Advisory 20040215 GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Source: MITRE Type: CNA CVE-2004-0566 Source: CCN Type: CIAC Information Bulletin 0-191 Microsoft Cumulative Security Update for Internet Explorer (867801) Source: CCN Type: US-CERT VU#266926 Microsoft Internet Explorer contains an integer overflow in the processing of bitmap files Source: CERT-VN Type: US Government Resource VU#266926 Source: CCN Type: Microsoft Security Bulletin MS04-025 Cumulative Security Update for Internet Explorer (867801) Source: CCN Type: Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707) Source: CCN Type: Microsoft Security Bulletin MS04-040 Cumulative Security Update for Internet Explorer (889293) Source: CCN Type: Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282) Source: CCN Type: Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923) Source: CCN Type: Microsoft Security Bulletin MS05-025 Cumulative Security Update for Internet Explorer (883939) Source: CCN Type: Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727) Source: CCN Type: Microsoft Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688) Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: CCN Type: BID-9663 Microsoft Internet Explorer Bitmap Processing Integer Overflow Vulnerability Source: CERT Type: Third Party Advisory, US Government Resource TA04-212A Source: CCN Type: Internet Security Systems Protection Alert July 30, 2004 Multiple Vulnerabilities in Microsoft Internet Explorer Source: MS Type: UNKNOWN MS04-025 Source: XF Type: UNKNOWN ie-bmp-integer-overflow(15210) Source: XF Type: UNKNOWN ie-bmp-integer-overflow(15210) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:216 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:306 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:322 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:507 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:515 | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||