CVE-2004-1050

Published: Dec 31, 2004Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

Affected (28)

Products: Avaya: Definity One Media Server, Ip600 Media Servers, S3400, S8100, Modular Messaging Message Storage Server · Microsoft: Ie, Internet Explorer

5 products

Definity One Media Server

Ip600 Media Servers

Modular Messaging Message Storage Server

2 products

Internet Explorer

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Avaya Definity One Media Server	All versions
Avaya Definity One Media Server	Version r10
Avaya Definity One Media Server	Version r11
Avaya Definity One Media Server	Version r12
Avaya Definity One Media Server	Version r6
Avaya Definity One Media Server	Version r7
Avaya Definity One Media Server	Version r8
Avaya Definity One Media Server	Version r9
Avaya Ip600 Media Servers	All versions
Avaya Ip600 Media Servers	Version r10
Avaya Ip600 Media Servers	Version r11
Avaya Ip600 Media Servers	Version r12
Avaya Ip600 Media Servers	Version r6
Avaya Ip600 Media Servers	Version r7
Avaya Ip600 Media Servers	Version r8
Avaya Ip600 Media Servers	Version r9
Avaya S3400	All versions
Avaya S8100	All versions
Avaya S8100	Version r10
Avaya S8100	Version r11
Avaya S8100	Version r12
Avaya S8100	Version r6
Avaya S8100	Version r7
Avaya S8100	Version r8
Avaya S8100	Version r9
Microsoft Ie	Version 6.0 sp1
Microsoft Internet Explorer	Version 6.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Avaya Modular Messaging Message Storage Server	Version s3400

References (24)

http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=109942758911846&w=2

Source: cve@mitre.org

http://secunia.com/advisories/12959/

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/842160

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/archive/1/379261

Source: cve@mitre.org

http://www.securityfocus.com/bid/11515

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA04-315A.html

Source: cve@mitre.org

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA04-336A.html

Source: cve@mitre.org

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/17889

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=109942758911846&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/12959/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/842160

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/archive/1/379261

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/11515

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA04-315A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA04-336A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/17889

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.