ID CVE-2004-0216
Summary Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2014-02-24T04:03:22.092-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family windows
    id oval:org.mitre.oval:def:5316
    status accepted
    submitted 2004-10-25T12:00:00.000-04:00
    title IE v6.0,SP1 (Server 2003) Install Engine Buffer Overflow
    version 68
  • accepted 2014-02-24T04:03:22.267-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family windows
    id oval:org.mitre.oval:def:5329
    status accepted
    submitted 2004-10-25T04:35:00.000-04:00
    title IE v6.0,SP1 Install Engine Buffer Overflow
    version 68
  • accepted 2014-02-24T04:03:24.382-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family windows
    id oval:org.mitre.oval:def:6100
    status accepted
    submitted 2005-01-18T12:00:00.000-04:00
    title IE v5.5,SP2 Install Engine Buffer Overflow
    version 67
  • accepted 2014-02-24T04:03:25.333-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family windows
    id oval:org.mitre.oval:def:6600
    status accepted
    submitted 2004-10-25T04:23:00.000-04:00
    title IE v5.01,SP4 Install Engine Buffer Overflow
    version 67
  • accepted 2014-02-24T04:03:26.893-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Maria Mikhno
      organization ALTX-SOFT
    description Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family windows
    id oval:org.mitre.oval:def:7717
    status accepted
    submitted 2004-10-25T04:00:00.000-04:00
    title IE v6.0 Install Engine Buffer Overflow
    version 68
  • accepted 2014-02-24T04:03:27.240-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family windows
    id oval:org.mitre.oval:def:7865
    status accepted
    submitted 2004-10-25T04:20:00.000-04:00
    title IE v5.01,SP3 Install Engine Buffer Overflow
    version 67
refmap via4
bugtraq
  • 20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow
  • 20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)
cert TA04-293A
cert-vn VU#637760
misc http://www.ngssoftware.com/advisories/msinsengfull.txt
ntbugtraq 20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)
xf
  • ie-installenginectl-setciffile-bo(17620)
  • ie-ms04038-patch(17651)
Last major update 12-10-2018 - 21:34
Published 03-11-2004 - 05:00
Last modified 12-10-2018 - 21:34