// For flags

CVE-2003-1048

Secunia Security Advisory 12192

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

mshtml.dll de ciertas versiones de Internet Explorer 6.x permite a atacantes remotos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código arbitrario mediante una imagen GIF malformada que dispara un desbordamiento de búfer.

Microsoft has issued an update for Internet Explorer. This fixes three vulnerabilities, allowing malicious websites to cause a DoS or compromise a system.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2004-07-20 CVE Reserved
  • 2004-07-21 CVE Published
  • 2024-08-08 CVE Updated
  • 2025-06-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-415: Double Free
CAPEC
References (16)
URL Tag Source
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html Broken Link
http://www.ciac.org/ciac/bulletins/o-191.shtml Broken Link
http://www.kb.cert.org/vuls/id/685364 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA04-212A.html Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/16804 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517 Broken Link
URL Date SRC
URL Date SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025 2024-02-02
URL Date SRC
http://www.securityfocus.com/bid/8530 2024-02-02
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 5.01
Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"
sp2
Affected
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 5.01
Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"
sp3
Affected
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 5.01
Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"
sp4
Affected
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 5.5
Search vendor "Microsoft" for product "Internet Explorer" and version "5.5"
sp2
Affected
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 6.0
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0"
-
Affected
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 6.0
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0"
sp1
Affected
Microsoft
Search vendor "Microsoft"
 Outlook
Search vendor "Microsoft" for product "Outlook"
 2000
Search vendor "Microsoft" for product "Outlook" and version "2000"
sp2
Affected
Microsoft
Search vendor "Microsoft"
 Outlook
Search vendor "Microsoft" for product "Outlook"
 2000
Search vendor "Microsoft" for product "Outlook" and version "2000"
sp3
Affected
Microsoft
Search vendor "Microsoft"
 Outlook
Search vendor "Microsoft" for product "Outlook"
 2000
Search vendor "Microsoft" for product "Outlook" and version "2000"
sp4
Affected
Microsoft
Search vendor "Microsoft"
 Windows 98
Search vendor "Microsoft" for product "Windows 98"
--
Affected
Microsoft
Search vendor "Microsoft"
 Windows 98se
Search vendor "Microsoft" for product "Windows 98se"
--
Affected
Microsoft
Search vendor "Microsoft"
 Windows Me
Search vendor "Microsoft" for product "Windows Me"
--
Affected
Microsoft
Search vendor "Microsoft"
 Windows Nt
Search vendor "Microsoft" for product "Windows Nt"
 4.0
Search vendor "Microsoft" for product "Windows Nt" and version "4.0"
sp6, terminal_server
Affected
Microsoft
Search vendor "Microsoft"
 Windows Nt
Search vendor "Microsoft" for product "Windows Nt"
 4.0
Search vendor "Microsoft" for product "Windows Nt" and version "4.0"
sp6a, server
Affected
Microsoft
Search vendor "Microsoft"
 Windows Nt
Search vendor "Microsoft" for product "Windows Nt"
 4.0
Search vendor "Microsoft" for product "Windows Nt" and version "4.0"
sp6a, workstation
Affected
Microsoft
Search vendor "Microsoft"
 Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
--
Affected
Microsoft
Search vendor "Microsoft"
 Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
--
Affected
Microsoft
Search vendor "Microsoft"
 Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
-sp1
Affected