First published: Thu Nov 18 2004(Updated: )
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Avaya IP600 Media Servers | ||
Avaya IP600 Media Servers | =r6 | |
Avaya IP600 Media Servers | =r7 | |
Avaya IP600 Media Servers | =r8 | |
Avaya IP600 Media Servers | =r9 | |
Avaya IP600 Media Servers | =r10 | |
Avaya IP600 Media Servers | =r11 | |
Avaya IP600 Media Servers | =r12 | |
Microsoft Internet Explorer | =6.0-sp1 | |
Internet Explorer | =6.0 | |
Avaya DEFINITY ONE Media Server | ||
Avaya DEFINITY ONE Media Server | =r6 | |
Avaya DEFINITY ONE Media Server | =r7 | |
Avaya DEFINITY ONE Media Server | =r8 | |
Avaya DEFINITY ONE Media Server | =r9 | |
Avaya DEFINITY ONE Media Server | =r10 | |
Avaya DEFINITY ONE Media Server | =r11 | |
Avaya DEFINITY ONE Media Server | =r12 | |
Avaya S3400 | ||
Avaya S8100 | ||
Avaya S8100 | =r6 | |
Avaya S8100 | =r7 | |
Avaya S8100 | =r8 | |
Avaya S8100 | =r9 | |
Avaya S8100 | =r10 | |
Avaya S8100 | =r11 | |
Avaya S8100 | =r12 | |
Avaya Modular Messaging Message Storage Server | =s3400 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2004-1050 is considered critical due to the potential for remote code execution.
To fix CVE-2004-1050, ensure you are using a patched version of Internet Explorer or upgrade to a more secure browser.
CVE-2004-1050 affects Internet Explorer 6, alongside various versions of Avaya IP600 Media Servers.
Yes, CVE-2004-1050 can be exploited remotely through crafted HTML containing malicious IFRAME or FRAME elements.
If exploited, CVE-2004-1050 can allow attackers to execute arbitrary code, potentially compromising the affected system.