CVE-2004-1050
Summary
| CVE | CVE-2004-1050 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-12-31 05:00:00 UTC |
| Updated | 2021-07-23 12:55:00 UTC |
| Description | Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability." |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Avaya | Definity One Media Server | All | All | All | All |
| Hardware | Avaya | Definity One Media Server | r10 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r11 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r12 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r6 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r7 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r8 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r9 | All | All | All |
| Hardware | Avaya | Definity One Media Server | All | All | All | All |
| Hardware | Avaya | Definity One Media Server | r10 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r11 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r12 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r6 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r7 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r8 | All | All | All |
| Hardware | Avaya | Definity One Media Server | r9 | All | All | All |
| Application | Avaya | Ip600 Media Servers | All | All | All | All |
| Application | Avaya | Ip600 Media Servers | r10 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r11 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r12 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r6 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r7 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r8 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r9 | All | All | All |
| Application | Avaya | Ip600 Media Servers | All | All | All | All |
| Application | Avaya | Ip600 Media Servers | r10 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r11 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r12 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r6 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r7 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r8 | All | All | All |
| Application | Avaya | Ip600 Media Servers | r9 | All | All | All |
| Operating System | Avaya | Modular Messaging Message Storage Server | s3400 | All | All | All |
| Operating System | Avaya | Modular Messaging Message Storage Server | s3400 | All | All | All |
| Hardware | Avaya | S3400 | All | All | All | All |
| Hardware | Avaya | S3400 | All | All | All | All |
| Hardware | Avaya | S8100 | All | All | All | All |
| Hardware | Avaya | S8100 | r10 | All | All | All |
| Hardware | Avaya | S8100 | r11 | All | All | All |
| Hardware | Avaya | S8100 | r12 | All | All | All |
| Hardware | Avaya | S8100 | r6 | All | All | All |
| Hardware | Avaya | S8100 | r7 | All | All | All |
| Hardware | Avaya | S8100 | r8 | All | All | All |
| Hardware | Avaya | S8100 | r9 | All | All | All |
| Hardware | Avaya | S8100 | All | All | All | All |
| Hardware | Avaya | S8100 | r10 | All | All | All |
| Hardware | Avaya | S8100 | r11 | All | All | All |
| Hardware | Avaya | S8100 | r12 | All | All | All |
| Hardware | Avaya | S8100 | r6 | All | All | All |
| Hardware | Avaya | S8100 | r7 | All | All | All |
| Hardware | Avaya | S8100 | r8 | All | All | All |
| Hardware | Avaya | S8100 | r9 | All | All | All |
| Application | Microsoft | Ie | 6.0 | All | All | All |
| Application | Microsoft | Ie | 6.0 | sp1 | All | All |
| Application | Microsoft | Ie | 6.0 | All | All | All |
| Application | Microsoft | Ie | 6.0 | sp1 | All | All |
| Application | Microsoft | Internet Explorer | 6.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| US-CERT Vulnerability Note VU#842160 | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| [Full-Disclosure] python does mangleme (with IE bugs!) | FULLDISC | lists.grok.org.uk | |
| US-CERT Technical Cyber Security Alert TA04-315A -- Buffer Overflow in Microsoft Internet Explorer | CERT | www.us-cert.gov | US Government Resource |
| Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability | BID | www.securityfocus.com | |
| Microsoft Security Bulletin MS04-040 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Secunia - Advisories - Internet Explorer HTML Elements Buffer Overflow Vulnerability | SECUNIA | secunia.com | |
| 'MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC' - MARC | BUGTRAQ | marc.info | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| [Full-Disclosure] python does mangleme (with IE bugs!) | FULLDISC | lists.grok.org.uk | |
| US-CERT Technical Cyber Security Alert TA04-336A -- Update for Microsoft Internet Explorer HTML Elements Vulnerability | CERT | www.us-cert.gov | US Government Resource |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.