Vulnerability Description
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Ip600 Media Servers | All versions |
| Microsoft | Ie | 6.0 |
| Microsoft | Internet Explorer | 6.0 |
| Avaya | Definity One Media Server | All versions |
| Avaya | S3400 | All versions |
| Avaya | S8100 | All versions |
| Avaya | Modular Messaging Message Storage Server | s3400 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
- http://marc.info/?l=bugtraq&m=109942758911846&w=2
- http://secunia.com/advisories/12959/
- http://www.kb.cert.org/vuls/id/842160Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/archive/1/379261
- http://www.securityfocus.com/bid/11515
- http://www.us-cert.gov/cas/techalerts/TA04-315A.htmlUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA04-336A.htmlUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-04
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17889
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
- http://marc.info/?l=bugtraq&m=109942758911846&w=2
FAQ
What is CVE-2004-1050?
CVE-2004-1050 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discover...
How severe is CVE-2004-1050?
CVE-2004-1050 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1050?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Ip600 Media Servers, Microsoft Ie, Microsoft Internet Explorer, Avaya Definity One Media Server, Avaya S3400.