CVE-2004-0216
ms04-038.html
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Desbordamiento de búfer en el Motor de Instalación (inseng.dll) de Internet Explorer 5.01, 5.5 y 6 permite a atacantes remotos ejecutar código de su elección mediante un sitio web maliciosos o correo electrónico HTML.
Multiple Internet Explorer vulnerabilities have been patched by Microsoft. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2004-03-11 CVE Reserved
- 2004-10-16 CVE Published
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (15)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.kb.cert.org/vuls/id/637760 | 2021-07-23 | |
http://www.us-cert.gov/cas/techalerts/TA04-293A.html | 2021-07-23 |
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | 2021-07-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Ie Search vendor "Microsoft" for product "Ie" | 6 Search vendor "Microsoft" for product "Ie" and version "6" | windows_server_2003_sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5" | - |
Affected
|