CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1050

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1210%
EPSS Percentile7.91th
PublishedDec 31, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Avaya

Ip600 Media Servers

All versions
πŸ“¦
Avaya

Ip600 Media Servers

= r6
πŸ“¦
Avaya

Ip600 Media Servers

= r7
πŸ“¦
Avaya

Ip600 Media Servers

= r8
πŸ“¦
Avaya

Ip600 Media Servers

= r9
πŸ“¦
Avaya

Ip600 Media Servers

= r10
πŸ“¦
Avaya

Ip600 Media Servers

= r11
πŸ“¦
Avaya

Ip600 Media Servers

= r12
πŸ“¦
Microsoft

Ie

= 6.0
πŸ“¦
Microsoft

Internet Explorer

= 6.0
πŸ”Œ
Avaya

Definity One Media Server

All versions
πŸ”Œ
Avaya

Definity One Media Server

= r6
πŸ”Œ
Avaya

Definity One Media Server

= r7
πŸ”Œ
Avaya

Definity One Media Server

= r8
πŸ”Œ
Avaya

Definity One Media Server

= r9
πŸ”Œ
Avaya

Definity One Media Server

= r10
πŸ”Œ
Avaya

Definity One Media Server

= r11
πŸ”Œ
Avaya

Definity One Media Server

= r12
πŸ”Œ
Avaya

S3400

All versions
πŸ”Œ
Avaya

S8100

All versions
πŸ”Œ
Avaya

S8100

= r6
πŸ”Œ
Avaya

S8100

= r7
πŸ”Œ
Avaya

S8100

= r8
πŸ”Œ
Avaya

S8100

= r9
πŸ”Œ
Avaya

S8100

= r10
πŸ”Œ
Avaya

S8100

= r11
πŸ”Œ
Avaya

S8100

= r12
πŸ’»
Avaya

Modular Messaging Message Storage Server

= s3400

References & Advisories

πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
πŸ”— http://marc.info/?l=bugtraq&m=109942758911846&w=2
πŸ”— http://secunia.com/advisories/12959/
πŸ”— http://www.kb.cert.org/vuls/id/842160
πŸ”— http://www.securityfocus.com/archive/1/379261
πŸ”— http://www.securityfocus.com/bid/11515
πŸ”— http://www.us-cert.gov/cas/techalerts/TA04-315A.html

Related Vulnerabilities

CVE-2004-044410.0

Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal F...

CVE-2004-129010.0

Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a...

CVE-2004-176010.0

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not ...

CVE-2004-058610.0

acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Dow...