CVE-2004-1922
First published: Sun Apr 11 2004(Updated: )
Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | =5.5 | |
| Internet Explorer | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1922?
CVE-2004-1922 is considered a vulnerability that could lead to denial of service due to memory consumption.
How do I fix CVE-2004-1922?
To mitigate CVE-2004-1922, it is recommended to upgrade to a newer version of Internet Explorer that is not affected.
What versions of Internet Explorer are affected by CVE-2004-1922?
CVE-2004-1922 affects Microsoft Internet Explorer versions 5.5 and 6.0.
What type of attack is associated with CVE-2004-1922?
CVE-2004-1922 is associated with denial of service attacks through specially crafted BMP files.
Can CVE-2004-1922 be exploited remotely?
Yes, CVE-2004-1922 can be exploited remotely by sending a crafted BMP file to the target system.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/5.5
- version/internet explorer/6.0