Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1050

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1050
Last Modified 07 Mar 2011 09:16:33
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1050

Summary

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

Vulnerable Systems

Operating System

  • Avaya Modular Messaging Message Storage Server S3400

Application

  • Avaya Ip600 Media Servers

  • Avaya Ip600 Media Servers R10

  • Avaya Ip600 Media Servers R11

  • Avaya Ip600 Media Servers R12

  • Avaya Ip600 Media Servers R6

  • Avaya Ip600 Media Servers R7

  • Avaya Ip600 Media Servers R8

  • Avaya Ip600 Media Servers R9

  • Microsoft Ie 6.0


References

CERT - TA04-336A

CERT - TA04-315A

CERT-VN - VU#842160

XF - ie-iframe-src-name-bo(17889)

BID - 11515

BUGTRAQ - 20041024 python does mangleme (with IE bugs!)

MS - MS04-040

SECUNIA - 12959

BUGTRAQ - 20041102 MSIE