CVE-2004-0978: Buffer Overflow
First published: Thu Oct 21 2004(Updated: )
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | =5.01-sp3 | |
| Internet Explorer | =5.01-sp4 | |
| Microsoft Windows 2000 | =sp3 | |
| Microsoft Windows 2000 | =sp4 | |
| Internet Explorer | =5.5-sp2 | |
| Microsoft Windows Me | ||
| Internet Explorer | =6 | |
| Microsoft Windows Server 2003 | ||
| Microsoft Windows Server 2003 | ||
| Microsoft Windows XP | ||
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows XP | =sp2 | |
| Internet Explorer | =6-sp1 | |
| Microsoft Windows 98SE | ||
| Microsoft Windows NT | =4.0-sp6 | |
| Microsoft Windows NT | =4.0-sp6a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/673134
- http://www.ngssoftware.com/advisories/heartbeatfull.txt
- http://www.securityfocus.com/bid/11367
- http://marc.info/?l=bugtraq&m=110616221411579&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17714
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038
Frequently Asked Questions
What is the severity of CVE-2004-0978?
CVE-2004-0978 is considered critical due to the potential for remote code execution.
How do I fix CVE-2004-0978?
To fix CVE-2004-0978, users should apply any available security patches released by Microsoft for affected versions of Internet Explorer.
What versions of Internet Explorer are affected by CVE-2004-0978?
CVE-2004-0978 affects Internet Explorer versions 5.01 through 6, specifically SP2.
Can I mitigate CVE-2004-0978 without updates?
Mitigation of CVE-2004-0978 without updates can be done by avoiding online gaming sites using the Heartbeat ActiveX control.
What is the nature of the vulnerability in CVE-2004-0978?
CVE-2004-0978 is a heap-based buffer overflow vulnerability in the Heartbeat ActiveX control.
- collector/nvd-historical
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/5.01-sp3
- version/internet explorer/5.01-sp4
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp3
- version/microsoft windows 2000/sp4
- version/internet explorer/5.5-sp2
- canonical/microsoft windows me
- version/internet explorer/6
- canonical/microsoft windows server 2003
- canonical/microsoft windows xp
- version/microsoft windows xp/sp1
- version/microsoft windows xp/sp2
- version/internet explorer/6-sp1
- canonical/microsoft windows 98se
- canonical/microsoft windows nt
- version/microsoft windows nt/4.0-sp6
- version/microsoft windows nt/4.0-sp6a