Vulnerability Name: | CVE-2004-1922 (CCN-21071) | ||||||||
Assigned: | 2004-04-11 | ||||||||
Published: | 2004-04-11 | ||||||||
Updated: | 2021-07-23 | ||||||||
Summary: | Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size. | ||||||||
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: MITRE Type: CNA CVE-2004-1922 Source: BUGTRAQ Type: UNKNOWN 20040411 Microsoft Internet Explorer BMP file memory DoS vulnerability Source: CCN Type: BugTraq Mailing List, Sunday, April 11, 2004 Microsoft Internet Explorer BMP file memory DoS vulnerability Source: CCN Type: Microsoft Internet Explorer Web page Internet Explorer Home Source: CCN Type: OSVDB ID: 17158 Microsoft IE Crafted BMP Size Setting DoS Source: XF Type: UNKNOWN ie-bmp-memory-dos(21071) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |