CVE-2002-1185

Description

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

Related CPE's

Could not find any relations

References

ie-png-bo(10662)

PatchVendor Advisory

20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability

AD20021211

6216

20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability

oval:org.mitre.oval:def:542

oval:org.mitre.oval:def:393

MS02-066

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:L/Au:N/C:N/I:N/A:P
AccessVector	NETWORK
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	NONE
IntegrityImpact	NONE
AvailabilityImpact	PARTIAL
BaseScore	5

Created by Yello

About Severity.io