CVE-2004-1050
Microsoft Internet Explorer 6 - IFRAME Tag Buffer Overflow
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-11-02 First Exploit
- 2004-11-17 CVE Reserved
- 2004-11-18 CVE Published
- 2023-10-26 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html | Mailing List | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html | Mailing List | |
| http://marc.info/?l=bugtraq&m=109942758911846&w=2 | Mailing List | |
| http://secunia.com/advisories/12959 | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/842160 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/379261 | Mailing List | |
| http://www.securityfocus.com/bid/11515 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA04-315A.html | Third Party Advisory | |
| http://www.us-cert.gov/cas/techalerts/TA04-336A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17889 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/612 | 2004-11-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040 | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Avaya Search vendor "Avaya" | Ip600 Media Servers Search vendor "Avaya" for product "Ip600 Media Servers" | * | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Ip600 Media Servers Search vendor "Avaya" for product "Ip600 Media Servers" | r6 Search vendor "Avaya" for product "Ip600 Media Servers" and version "r6" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Ip600 Media Servers Search vendor "Avaya" for product "Ip600 Media Servers" | r7 Search vendor "Avaya" for product "Ip600 Media Servers" and version "r7" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Ip600 Media Servers Search vendor "Avaya" for product "Ip600 Media Servers" | r8 Search vendor "Avaya" for product "Ip600 Media Servers" and version "r8" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Ip600 Media Servers Search vendor "Avaya" for product "Ip600 Media Servers" | r9 Search vendor "Avaya" for product "Ip600 Media Servers" and version "r9" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Ip600 Media Servers Search vendor "Avaya" for product "Ip600 Media Servers" | r10 Search vendor "Avaya" for product "Ip600 Media Servers" and version "r10" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Ip600 Media Servers Search vendor "Avaya" for product "Ip600 Media Servers" | r11 Search vendor "Avaya" for product "Ip600 Media Servers" and version "r11" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Ip600 Media Servers Search vendor "Avaya" for product "Ip600 Media Servers" | r12 Search vendor "Avaya" for product "Ip600 Media Servers" and version "r12" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Ie Search vendor "Microsoft" for product "Ie" | 6.0 Search vendor "Microsoft" for product "Ie" and version "6.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6.0 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Definity One Media Server Search vendor "Avaya" for product "Definity One Media Server" | * | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Definity One Media Server Search vendor "Avaya" for product "Definity One Media Server" | r6 Search vendor "Avaya" for product "Definity One Media Server" and version "r6" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Definity One Media Server Search vendor "Avaya" for product "Definity One Media Server" | r7 Search vendor "Avaya" for product "Definity One Media Server" and version "r7" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Definity One Media Server Search vendor "Avaya" for product "Definity One Media Server" | r8 Search vendor "Avaya" for product "Definity One Media Server" and version "r8" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Definity One Media Server Search vendor "Avaya" for product "Definity One Media Server" | r9 Search vendor "Avaya" for product "Definity One Media Server" and version "r9" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Definity One Media Server Search vendor "Avaya" for product "Definity One Media Server" | r10 Search vendor "Avaya" for product "Definity One Media Server" and version "r10" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Definity One Media Server Search vendor "Avaya" for product "Definity One Media Server" | r11 Search vendor "Avaya" for product "Definity One Media Server" and version "r11" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Definity One Media Server Search vendor "Avaya" for product "Definity One Media Server" | r12 Search vendor "Avaya" for product "Definity One Media Server" and version "r12" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S3400 Search vendor "Avaya" for product "S3400" | * | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S8100 Search vendor "Avaya" for product "S8100" | * | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S8100 Search vendor "Avaya" for product "S8100" | r6 Search vendor "Avaya" for product "S8100" and version "r6" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S8100 Search vendor "Avaya" for product "S8100" | r7 Search vendor "Avaya" for product "S8100" and version "r7" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S8100 Search vendor "Avaya" for product "S8100" | r8 Search vendor "Avaya" for product "S8100" and version "r8" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S8100 Search vendor "Avaya" for product "S8100" | r9 Search vendor "Avaya" for product "S8100" and version "r9" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S8100 Search vendor "Avaya" for product "S8100" | r10 Search vendor "Avaya" for product "S8100" and version "r10" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S8100 Search vendor "Avaya" for product "S8100" | r11 Search vendor "Avaya" for product "S8100" and version "r11" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S8100 Search vendor "Avaya" for product "S8100" | r12 Search vendor "Avaya" for product "S8100" and version "r12" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Modular Messaging Message Storage Server Search vendor "Avaya" for product "Modular Messaging Message Storage Server" | s3400 Search vendor "Avaya" for product "Modular Messaging Message Storage Server" and version "s3400" | - |
Affected
| ||||||