| Vulnerability Name: | CVE-2004-0978 (CCN-17714) | ||||||||
| Assigned: | 2004-10-12 | ||||||||
| Published: | 2004-10-12 | ||||||||
| Updated: | 2020-12-09 | ||||||||
| Summary: | Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-787 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed Oct 13 2004 - 09:37:26 CDT MSN Gaming Heartbeat Component Buffer Overflow Source: MITRE Type: CNA CVE-2004-0978 Source: BUGTRAQ Type: Issue Tracking, Third Party Advisory 20050119 MSN Heartbeat Control Buffer Overflow Source: CCN Type: US-CERT VU#673134 Microsoft MSN Hrtbeat.ocx ActiveX control contains unspecified vulnerability Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#673134 Source: CCN Type: Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707) Source: CCN Type: Microsoft Security Bulletin MS04-040 Cumulative Security Update for Internet Explorer (889293) Source: CCN Type: Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282) Source: CCN Type: Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923) Source: CCN Type: Microsoft Security Bulletin MS05-025 Cumulative Security Update for Internet Explorer (883939) Source: CCN Type: Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727) Source: CCN Type: Microsoft Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688) Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR19012005d MSN Heartbeat Control Buffer Overflow Source: MISC Type: Broken Link http://www.ngssoftware.com/advisories/heartbeatfull.txt Source: CCN Type: OSVDB ID: 10756 Microsoft MSN heartbeat.ocx Component Overflow Source: BID Type: Third Party Advisory, VDB Entry 11367 Source: CCN Type: BID-11367 Microsoft Internet Explorer Heartbeat ActiveX Control Unspecified Vulnerability Source: MS Type: Patch, Vendor Advisory MS04-038 Source: XF Type: Third Party Advisory, VDB Entry heartbeat-activex(17714) Source: XF Type: UNKNOWN heartbeat-activex(17714) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||