SecuritySpace - CVE-2004-1050

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID:	CVE-2004-1050
Description:	Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
Test IDs:	1.3.6.1.4.1.25623.1.0.15894 1.3.6.1.4.1.25623.1.0.15746
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1050 BugTraq ID: 11515 http://www.securityfocus.com/bid/11515 Bugtraq: 20041024 python does mangleme (with IE bugs!) (Google Search) http://www.securityfocus.com/archive/1/379261 Bugtraq: 20041102 MSIE and <FRAME> tag NAME property bufferoverflow PoC (Google Search)</a><br> <a href="http://marc.info/?l=bugtraq&m=109942758911846&w=2">http://marc.info/?l=bugtraq&m=109942758911846&w=2</a><br> <a href="http://www.cert.org/advisories/TA04-315A.html">Cert/CC Advisory: TA04-315A</a><br> <a href="http://www.us-cert.gov/cas/techalerts/TA04-315A.html">http://www.us-cert.gov/cas/techalerts/TA04-315A.html</a><br> <a href="http://www.cert.org/advisories/TA04-336A.html">Cert/CC Advisory: TA04-336A</a><br> <a href="http://www.us-cert.gov/cas/techalerts/TA04-336A.html">http://www.us-cert.gov/cas/techalerts/TA04-336A.html</a><br> CERT/CC vulnerability note: VU#842160<br> <a href="http://www.kb.cert.org/vuls/id/842160">http://www.kb.cert.org/vuls/id/842160</a><br> <a href="http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html">http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html</a><br> <a href="http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html">http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html</a><br> <a href="http://www.microsoft.com/technet/security/bulletin/MS04-040.asp">Microsoft Security Bulletin: MS04-040</a><br> <a href="https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040">https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040</a><br> <a href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294">https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294</a><br> <a href="http://secunia.com/advisories/12959/">http://secunia.com/advisories/12959/</a><br> <a href="http://www.iss.net/security_center/static/17889.php">XForce ISS Database: ie-iframe-src-name-bo(17889)</a><br> <a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/17889">https://exchange.xforce.ibmcloud.com/vulnerabilities/17889</a><br> </td></tr> </table><P><P> <br> </div> </div> <br> <hr> <P> <center><div class=xsmall>© 1998-2025 E-Soft Inc. All rights reserved.</div></center> <p> <div id=footer><script>oHelpGlobals.state = ""; </script> <div class=hide id=hsqhelptitle></div> <div class=hide id=hsqhelptext><div class=std></div></div> </div></body> </html>