Microsoft Internet Explorer up to 6.1 SP2 CSS heap-based overflow
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Microsoft Internet Explorer up to 6.1 SP2 and classified as critical. This affects an unknown function of the component CSS. This manipulation with the input [STYLE]@;/* causes heap-based overflow.
This vulnerability is registered as CVE-2004-0842. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
It is advised to substitute the affected component with an alternative.
Details
A vulnerability was found in Microsoft Internet Explorer up to 6.1 SP2 (Web Browser). It has been declared as critical. Affected by this vulnerability is an unknown part of the component CSS. The manipulation with the input value [STYLE]@;/* leads to a heap-based overflow vulnerability. The CWE definition for the vulnerability is CWE-122. A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). As an impact it is known to affect availability. The summary by CVE is:
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
The weakness was published 07/04/2004 by Phuong Nguyen (SkyLined) (Website). The advisory is shared at ecqurity.com. This vulnerability is known as CVE-2004-0842 since 09/08/2004. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Technical details and also a public exploit are known.
It is possible to download the exploit at ecqurity.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 10861 (MS02-005: MSIE 5.01 5.5 6.0 Cumulative Patch (890923)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 100018 (Microsoft Internet Explorer Multiple Vulnerabilities (MS04-038)).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at windowsupdate.microsoft.com. The problem might be mitigated by replacing the product with as an alternative. The best possible mitigation is suggested to be establishing an alternative product.
The vulnerability is also documented in the databases at X-Force (16675), Exploit-DB (24328), Tenable (10861), SecurityFocus (BID 10816†) and OSVDB (10710†). Additional details are provided at heise.de. Similar entries are available at VDB-3, VDB-45, VDB-257 and VDB-285. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Support
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 5.9
VulDB Base Score: 6.5
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Heap-based overflowCWE: CWE-122 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 10861
Nessus Name: MS02-005: MSIE 5.01 5.5 6.0 Cumulative Patch (890923)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 10861
OpenVAS Name: IE 5.01 5.5 6.0 Cumulative patch (890923)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: AlternativeStatus: 🔍
0-Day Time: 🔍
Patch: windowsupdate.microsoft.com
Timeline
07/04/2004 🔍07/06/2004 🔍
07/28/2004 🔍
09/08/2004 🔍
10/12/2004 🔍
12/23/2004 🔍
11/03/2005 🔍
09/16/2025 🔍
Sources
Vendor: microsoft.comAdvisory: ecqurity.com
Researcher: Phuong Nguyen (SkyLined)
Status: Confirmed
CVE: CVE-2004-0842 (🔍)
GCVE (CVE): GCVE-0-2004-0842
GCVE (VulDB): GCVE-100-745
OVAL: 🔍
CERT: 🔍
X-Force: 16675 - Microsoft Internet Explorer popup.show allows attacker to perform actions
SecurityFocus: 10816 - Microsoft Internet Explorer Style Tag Comment Memory Corruption Vulnerability
Secunia: 12806 - Internet Explorer Multiple Vulnerabilities, Extremely Critical
OSVDB: 10710
SecuriTeam: securiteam.com
Vulnerability Center: 5541
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 07/06/2004 11:26Updated: 09/16/2025 14:33
Changes: 07/06/2004 11:26 (88), 04/07/2017 12:00 (3), 03/09/2021 15:31 (3), 07/04/2024 23:44 (16), 01/02/2025 18:40 (7), 09/16/2025 14:33 (2)
Complete: 🔍
Cache ID: 216:FF1:103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.