CVE-2004-0842

Internet Explorer <6.0 SP1 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0842. PoCs published by Phuong Nguyen.

AI-analyzed exploit summary This exploit demonstrates a heap overflow vulnerability in Internet Explorer by using an unterminated comment sequence after a STYLE tag. The provided JavaScript code manipulates the DOM to trigger the vulnerability, potentially allowing arbitrary code execution in the context of the client user.

Description

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Phuong Nguyen · textremotewindows
https://www.exploit-db.com/exploits/24328

This exploit demonstrates a heap overflow vulnerability in Internet Explorer by using an unterminated comment sequence after a STYLE tag. The provided JavaScript code manipulates the DOM to trigger the vulnerability, potentially allowing arbitrary code execution in the context of the client user.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Internet Explorer (versions affected by CVE-2004-0842)
No auth needed
Prerequisites: User interaction required to visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17
Core References
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=109102919426844&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169
Various Sources x_refsource_misc
http://www.securiteam.com/exploits/5NP042KF5A.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/291304
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=109060455614702&w=2
Exploit, Vendor Advisory x_refsource_misc
http://www.ecqurity.com/adv/IEstyle.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16675
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-293A.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109107496214572&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12806
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-006.shtml
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10816
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372

Scores

EPSS 0.5661
EPSS Percentile 98.9%

Details

Status published
Products (10)
avaya/definity_one_media_server
avaya/ip600_media_servers
avaya/modular_messaging_message_storage_server 1.1
avaya/modular_messaging_message_storage_server 2.0
avaya/s3400
avaya/s8100
microsoft/ie 6.0 sp1
microsoft/internet_explorer 5.0.1 (5 CPE variants)
microsoft/internet_explorer 5.5 (3 CPE variants)
microsoft/internet_explorer 6.0
Published Dec 23, 2004
Tracked Since Feb 18, 2026