CVE Vulnerabilities

CVE-2003-1048

Double Free

Published: Jul 27, 2004 | Modified: Feb 02, 2024
CVSS 3.x: 7.8 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.x: 10 HIGH
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_explorer | Microsoft | 5.01-sp2 (including) | 5.01-sp2 (including) |
| Internet_explorer | Microsoft | 5.01-sp3 (including) | 5.01-sp3 (including) |
| Internet_explorer | Microsoft | 5.01-sp4 (including) | 5.01-sp4 (including) |
| Internet_explorer | Microsoft | 5.5-sp2 (including) | 5.5-sp2 (including) |
| Internet_explorer | Microsoft | 6.0 (including) | 6.0 (including) |
| Internet_explorer | Microsoft | 6.0-sp1 (including) | 6.0-sp1 (including) |
| Outlook | Microsoft | 2000-sp2 (including) | 2000-sp2 (including) |
| Outlook | Microsoft | 2000-sp3 (including) | 2000-sp3 (including) |
| Outlook | Microsoft | 2000-sp4 (including) | 2000-sp4 (including) |
| Windows_98 | Microsoft | - (including) | - (including) |
| Windows_98se | Microsoft | - (including) | - (including) |
| Windows_me | Microsoft | - (including) | - (including) |
| Windows_nt | Microsoft | 4.0-sp6 (including) | 4.0-sp6 (including) |
| Windows_nt | Microsoft | 4.0-sp6a (including) | 4.0-sp6a (including) |
| Windows_server_2003 | Microsoft | - (including) | - (including) |
| Windows_xp | Microsoft | - (including) | - (including) |
| Windows_xp | Microsoft | –sp1 (including) | –sp1 (including) |
