CVE-2004-1050: Buffer Overflow
First published: Thu Nov 18 2004(Updated: )
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Ip600 Media Servers | =r8 | |
| Avaya Definity One Media Server | =r12 | |
| Avaya Definity One Media Server | =r9 | |
| Avaya Definity One Media Server | =r7 | |
| Avaya Ip600 Media Servers | =r9 | |
| Avaya Definity One Media Server | =r8 | |
| Avaya S8100 | =r9 | |
| Avaya Definity One Media Server | ||
| Microsoft Ie | =6.0-sp1 | |
| Avaya S8100 | =r11 | |
| Avaya S8100 | ||
| Avaya Ip600 Media Servers | =r6 | |
| Avaya S8100 | =r7 | |
| Avaya Ip600 Media Servers | =r10 | |
| Avaya Ip600 Media Servers | ||
| Avaya Ip600 Media Servers | =r12 | |
| Avaya S8100 | =r6 | |
| Avaya S8100 | =r10 | |
| Avaya Ip600 Media Servers | =r7 | |
| Avaya Ip600 Media Servers | =r11 | |
| Avaya Definity One Media Server | =r6 | |
| Avaya S8100 | =r8 | |
| Avaya S8100 | =r12 | |
| Avaya S3400 | ||
| Avaya Definity One Media Server | =r10 | |
| Avaya Definity One Media Server | =r11 | |
| Microsoft Internet Explorer | =6.0 | |
| Avaya Modular Messaging Message Storage Server | =s3400 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/11515
- http://www.kb.cert.org/vuls/id/842160
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
- http://www.securityfocus.com/archive/1/379261
- http://www.us-cert.gov/cas/techalerts/TA04-315A.html
- http://www.us-cert.gov/cas/techalerts/TA04-336A.html
- http://secunia.com/advisories/12959/
- http://marc.info/?l=bugtraq&m=109942758911846&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17889
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/avaya
- canonical/avaya ip600 media servers
- version/avaya ip600 media servers/r8
- canonical/avaya definity one media server
- version/avaya definity one media server/r12
- version/avaya definity one media server/r9
- version/avaya definity one media server/r7
- version/avaya ip600 media servers/r9
- version/avaya definity one media server/r8
- canonical/avaya s8100
- version/avaya s8100/r9
- vendor/microsoft
- canonical/microsoft ie
- version/microsoft ie/6.0-sp1
- version/avaya s8100/r11
- version/avaya ip600 media servers/r6
- version/avaya s8100/r7
- version/avaya ip600 media servers/r10
- version/avaya ip600 media servers/r12
- version/avaya s8100/r6
- version/avaya s8100/r10
- version/avaya ip600 media servers/r7
- version/avaya ip600 media servers/r11
- version/avaya definity one media server/r6
- version/avaya s8100/r8
- version/avaya s8100/r12
- canonical/avaya s3400
- version/avaya definity one media server/r10
- version/avaya definity one media server/r11
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6.0
- canonical/avaya modular messaging message storage server
- version/avaya modular messaging message storage server/s3400