CVE-2003-1048

Name: CVE-2003-1048
Creator: NVD / NIST
Published: 2004-07-27T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 26.63%

Last modified Jun 16, 2026

CVE-2003-1048 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.. EPSS estimates a 26.63% chance of exploitation in the next 30 days.

Description

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

26.63%

97.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-415

Affected Software

Vendor	Product	Versions	Update
Microsoft	Internet Explorer	5.01	Sp2
Microsoft	Internet Explorer	5.5	Sp2
Microsoft	Internet Explorer	6.0	—
Microsoft	Outlook	2000	Sp2
Microsoft	Windows 98	All versions	—
Microsoft	Windows 98se	All versions	—
Microsoft	Windows Me	All versions	—
Microsoft	Windows Nt	4.0	Sp6
Microsoft	Windows Server 2003	All versions	—
Microsoft	Windows Xp	All versions	—

References

http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.htmlBroken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.htmlBroken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.htmlBroken Link
http://www.ciac.org/ciac/bulletins/o-191.shtmlBroken Link
http://www.kb.cert.org/vuls/id/685364Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/8530Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-212A.htmlBroken Link, Third Party Advisory, US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16804Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.htmlBroken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.htmlBroken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.htmlBroken Link
http://www.ciac.org/ciac/bulletins/o-191.shtmlBroken Link
http://www.kb.cert.org/vuls/id/685364Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/8530Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-212A.htmlBroken Link, Third Party Advisory, US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16804Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517Broken Link

Timeline

Published: Jul 27, 2004
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2003-1048?

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

How severe is CVE-2003-1048?

CVE-2003-1048 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 26.63% probability of exploitation in the next 30 days.

How do I fix CVE-2003-1048?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2003-1048?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST