ID CVE-2004-1050
Summary Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
  • cpe:2.3:a:avaya:ip600_media_servers:r6:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:r6:*:*:*:*:*:*:*
  • cpe:2.3:a:avaya:ip600_media_servers:r7:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:r7:*:*:*:*:*:*:*
  • cpe:2.3:a:avaya:ip600_media_servers:r8:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:r8:*:*:*:*:*:*:*
  • cpe:2.3:a:avaya:ip600_media_servers:r9:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:r9:*:*:*:*:*:*:*
  • cpe:2.3:a:avaya:ip600_media_servers:r10:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:r10:*:*:*:*:*:*:*
  • cpe:2.3:a:avaya:ip600_media_servers:r11:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:r11:*:*:*:*:*:*:*
  • cpe:2.3:a:avaya:ip600_media_servers:r12:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:r12:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:r6:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:r6:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:r7:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:r7:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:r8:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:r8:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:r9:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:r9:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:r10:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:r10:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:r11:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:r11:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:r12:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:r12:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:r6:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:r6:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:r7:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:r7:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:r8:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:r8:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:r9:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:r9:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:r10:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:r10:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:r11:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:r11:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:r12:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:r12:*:*:*:*:*:*:*
  • cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
    cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-02-24T04:00:13.078-05:00
class vulnerability
contributors
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Christine Walzer
    organization The MITRE Corporation
  • name Matthew Wojcik
    organization The MITRE Corporation
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
description Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
family windows
id oval:org.mitre.oval:def:1294
status accepted
submitted 2005-01-05T05:00:00.000-04:00
title IFRAME Vulnerability
version 11
refmap via4
bid 11515
bugtraq
  • 20041024 python does mangleme (with IE bugs!)
  • 20041102 MSIE