LiveActive security incident?Get immediate response
CVE archive

September 2004

Browse CVE records published in September 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 162 matching CVEs · Page 2 of 4.

Unknown · CVSS Not scored

CVE-2004-0839: Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to...

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

Published Sep 14, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0789: Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis,...

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

Published Sep 1, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0783: Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2)...

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).

Published Sep 17, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0200: Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) comp...

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

Published Sep 17, 2004 · Updated Aug 8, 2024