Vulnerability Details

ID: CVE-1999-0876

HPI
MSKB

Last Modified: July 22, 2021

Open in new window

Description

Buffer overflow in Internet Explorer 4.0 via EMBED tag.

CVSS V2

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

Base Score: 10.0

Exploitability Score: 10.0

Impact Score: 10.0

CVSS V2: AV:N/AC:L/Au:N/C:C/I:C/A:C

Specialize CVSS-Score

CWE-ID

CWE-119

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:microsoft:ie:3.0::mac_os::::: Part: a Product: ie Edition: mac_os Vendor: microsoft Version: 3.0	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:ie:3.1::mac_os::::: Part: a Product: ie Edition: mac_os Vendor: microsoft Version: 3.1	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:ie:4.0:a:::::: Part: a Product: ie Update: a Vendor: microsoft Version: 4.0	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:internet_explorer:4.0:::::::* Part: a Product: internet_explorer Vendor: microsoft Version: 4.0	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:internet_explorer:4.1:::::::* Part: a Product: internet_explorer Vendor: microsoft Version: 4.1	Alle Schwachstellen für microsoft

Change-History

Date: Nov. 7, 2023

Reference:
added:
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959
removed:
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q185959

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:microsoft:ie:3.0:*:mac_os:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:ie:3.1:*:mac_os:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:ie:4.0:a:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>

HPI-VDB — Database for IT-Attack Analysis