Unrated severityNVD Advisory· Published Feb 9, 2005· Updated Apr 16, 2026

CVE-2004-0978

Description

Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.

Affected products

Microsoft/Internet Explorer5 versions
cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038nvdPatchVendor Advisory
marc.infonvdIssue TrackingThird Party Advisory
www.kb.cert.org/vuls/id/673134nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/11367nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/17714nvdThird Party AdvisoryVDB Entry
www.ngssoftware.com/advisories/heartbeatfull.txtnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.034
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000