fkie_cve-2004-1050
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
References
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109942758911846&w=2
cve@mitre.orghttp://secunia.com/advisories/12959/
cve@mitre.orghttp://www.kb.cert.org/vuls/id/842160Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.securityfocus.com/archive/1/379261
cve@mitre.orghttp://www.securityfocus.com/bid/11515
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA04-315A.htmlUS Government Resource
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA04-336A.htmlUS Government Resource
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17889
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109942758911846&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/12959/
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/842160Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/379261
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11515
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA04-315A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA04-336A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17889
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294
Impacted products
Vendor Product Version
avaya ip600_media_servers *
avaya ip600_media_servers r6
avaya ip600_media_servers r7
avaya ip600_media_servers r8
avaya ip600_media_servers r9
avaya ip600_media_servers r10
avaya ip600_media_servers r11
avaya ip600_media_servers r12
microsoft ie 6.0
microsoft internet_explorer 6.0
avaya definity_one_media_server *
avaya definity_one_media_server r6
avaya definity_one_media_server r7
avaya definity_one_media_server r8
avaya definity_one_media_server r9
avaya definity_one_media_server r10
avaya definity_one_media_server r11
avaya definity_one_media_server r12
avaya s3400 *
avaya s8100 *
avaya s8100 r6
avaya s8100 r7
avaya s8100 r8
avaya s8100 r9
avaya s8100 r10
avaya s8100 r11
avaya s8100 r12
avaya modular_messaging_message_storage_server s3400


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "421DCFC1-D1DF-4081-96C1-A1FA69632B40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB4E5D4-712A-4F8B-9571-23C5841FE653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B61857E-9B4A-480B-8381-4C1213063D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AF988E-D84B-4F47-BBF6-E08C6615E838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r10:*:*:*:*:*:*:*",
              "matchCriteriaId": "74D156F2-E2BD-4E72-9776-21BCC3B3EC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC8CC2A7-E209-45FC-B4F7-83FAD79E2452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r12:*:*:*:*:*:*:*",
              "matchCriteriaId": "18CBDA7C-1E0E-470C-A740-807C559FBA43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB98D81-7F43-46BD-9713-C1036F123ECF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F71B32E1-650F-48F6-B04A-F54B5CB12FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7A48D2-7CDB-40DE-95C0-EDF6CDDF7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67BC930-C6D3-40FC-A44F-49A3A6E9B016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6469B5B2-9939-4163-A6C9-CC50D3358401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB9EF69-E099-4908-AC09-EE2811E39F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3129813-C6BA-48B1-944B-D34D7A0F0F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28E0D07-ED87-44D0-A771-FB5C9D5CA32E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F01F490-DA2A-4C89-9C9A-1B2B1CFF8849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F867CCDD-DDAC-4802-8AE3-9CEDB7F0FDF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD501EF0-7531-47DD-A4A8-1F3790401A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC0D2D7-B6E2-40D3-8830-E0AF518253E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2B4-B365-4307-B345-24527D7B5909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8100:r12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1562F7ED-5821-43AA-92CE-9BD7E67A47F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BFF29C7-E5AA-44EB-B1A9-602B3692D893",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
    }
  ],
  "id": "CVE-2004-1050",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/12959/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/842160"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/379261"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11515"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/12959/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/842160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/379261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.