CVE-2004-0978

Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.

Published: Feb 9, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-0978
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	5.01-sp4	5.01-sp4.x
microsoft / internet_explorer	5.01-sp3	5.01-sp3.x
microsoft / internet_explorer	5.5-sp2	5.5-sp2.x
microsoft / internet_explorer	6	6.x
microsoft / internet_explorer	6-sp1	6-sp1.x

http://marc.info/?l=bugtraq&m=110616221411579&w=2
http://www.kb.cert.org/vuls/id/673134
http://www.ngssoftware.com/advisories/heartbeatfull.txt
http://www.securityfocus.com/bid/11367
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038
https://exchange.xforce.ibmcloud.com/vulnerabilities/17714

Vulnerability Database

290,273

CVE-2004-0978