FKIE_CVE-2004-1050

Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
References
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109942758911846&w=2
cve@mitre.orghttp://secunia.com/advisories/12959/
cve@mitre.orghttp://www.kb.cert.org/vuls/id/842160Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.securityfocus.com/archive/1/379261
cve@mitre.orghttp://www.securityfocus.com/bid/11515
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA04-315A.htmlUS Government Resource
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA04-336A.htmlUS Government Resource
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17889
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109942758911846&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/12959/
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/842160Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/379261
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11515
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA04-315A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA04-336A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17889
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294
Impacted products
Vendor Product Version
avaya ip600_media_servers *
avaya ip600_media_servers r6
avaya ip600_media_servers r7
avaya ip600_media_servers r8
avaya ip600_media_servers r9
avaya ip600_media_servers r10
avaya ip600_media_servers r11
avaya ip600_media_servers r12
microsoft ie 6.0
microsoft internet_explorer 6.0
avaya definity_one_media_server *
avaya definity_one_media_server r6
avaya definity_one_media_server r7
avaya definity_one_media_server r8
avaya definity_one_media_server r9
avaya definity_one_media_server r10
avaya definity_one_media_server r11
avaya definity_one_media_server r12
avaya s3400 *
avaya s8100 *
avaya s8100 r6
avaya s8100 r7
avaya s8100 r8
avaya s8100 r9
avaya s8100 r10
avaya s8100 r11
avaya s8100 r12
avaya modular_messaging_message_storage_server s3400
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "421DCFC1-D1DF-4081-96C1-A1FA69632B40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB4E5D4-712A-4F8B-9571-23C5841FE653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B61857E-9B4A-480B-8381-4C1213063D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AF988E-D84B-4F47-BBF6-E08C6615E838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r10:*:*:*:*:*:*:*",
              "matchCriteriaId": "74D156F2-E2BD-4E72-9776-21BCC3B3EC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC8CC2A7-E209-45FC-B4F7-83FAD79E2452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r12:*:*:*:*:*:*:*",
              "matchCriteriaId": "18CBDA7C-1E0E-470C-A740-807C559FBA43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB98D81-7F43-46BD-9713-C1036F123ECF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F71B32E1-650F-48F6-B04A-F54B5CB12FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7A48D2-7CDB-40DE-95C0-EDF6CDDF7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67BC930-C6D3-40FC-A44F-49A3A6E9B016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6469B5B2-9939-4163-A6C9-CC50D3358401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB9EF69-E099-4908-AC09-EE2811E39F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3129813-C6BA-48B1-944B-D34D7A0F0F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28E0D07-ED87-44D0-A771-FB5C9D5CA32E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F01F490-DA2A-4C89-9C9A-1B2B1CFF8849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F867CCDD-DDAC-4802-8AE3-9CEDB7F0FDF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD501EF0-7531-47DD-A4A8-1F3790401A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC0D2D7-B6E2-40D3-8830-E0AF518253E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2B4-B365-4307-B345-24527D7B5909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1562F7ED-5821-43AA-92CE-9BD7E67A47F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BFF29C7-E5AA-44EB-B1A9-602B3692D893",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
    }
  ],
  "id": "CVE-2004-1050",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/12959/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/842160"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/379261"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11515"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/12959/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/842160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/379261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.