Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0216

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0216
Last Modified 10 Sep 2008 03:25:31
Published 03 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0216

Summary

Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 5.5

  • Microsoft Ie 6


References

CERT - TA04-293A

CERT-VN - VU#637760

XF - ie-installenginectl-setciffile-bo(17620)

MS - MS04-038

BUGTRAQ - 20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow

XF - ie-ms04038-patch(17651)

MISC - http://www.ngssoftware.com/advisories/msinsengfull.txt

NTBUGTRAQ - 20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)


Last Updated: 27 May 2016 10:38:31