Vulnerability Details : CVE-2004-1050
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
Vulnerability category: OverflowExecute code
Products affected by CVE-2004-1050
- cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:ip600_media_servers:r10:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:ip600_media_servers:r8:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:ip600_media_servers:r9:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:ip600_media_servers:r6:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:ip600_media_servers:r7:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:ip600_media_servers:r11:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:ip600_media_servers:r12:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:definity_one_media_server:r8:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:definity_one_media_server:r9:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:definity_one_media_server:r6:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:definity_one_media_server:r7:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:definity_one_media_server:r11:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:definity_one_media_server:r12:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:definity_one_media_server:r10:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:s8100:r8:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:s8100:r9:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:s8100:r6:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:s8100:r7:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:s8100:r11:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:s8100:r12:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:s8100:r10:*:*:*:*:*:*:*
- cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1050
75.60%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1050
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-1050
-
http://secunia.com/advisories/12959/
About Secunia Research | Flexera
-
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
[Full-Disclosure] Mailing List Charter
-
http://marc.info/?l=bugtraq&m=109942758911846&w=2
'MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC' - MARC
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17889
-
http://www.securityfocus.com/archive/1/379261
-
http://www.us-cert.gov/cas/techalerts/TA04-336A.html
US Government Resource
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040
Microsoft Security Bulletin MS04-040 - Critical | Microsoft Learn
-
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
-
http://www.us-cert.gov/cas/techalerts/TA04-315A.html
Page Not Found | CISAUS Government Resource
-
http://www.securityfocus.com/bid/11515
-
http://www.kb.cert.org/vuls/id/842160
Third Party Advisory;US Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294
404 Not Found
Jump to