CVE-2004-1050 - CVE Reference - Advisories

CVE Reference: CVE-2004-1050

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-1050

Description: Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/17889 SAID Secunia Advisory: SA12959 OVAL http://oval.mitre.org/oval/definitions/data/oval1294.html MS http://www.microsoft.com/technet/security/Bulletin/MS04-040.mspx FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html CERT-VN 842160 CERT http://www.us-cert.gov/cas/techalerts/TA04-336A.html http://www.us-cert.gov/cas/techalerts/TA04-315A.html BUGTRAQ http://www.securityfocus.com/archive/1/379261 http://marc.theaimsgroup.com/?l=bugtraq&m=109942758911846&w=2 BID 11515

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Linux Kernel LDT Buffer Size Handling Vulnerability

2.	Drupal Session Fixation Vulnerability

3.	OpenBSD BIND Query Port DNS Cache Poisoning

4.	Ubuntu update for php

5.	Red Hat update for kernel

6.	IPCop update for perl

7.	Slackware update for dnsmasq

8.	Fedora update for asterisk

9.	Debian update for xulrunner

10.	Red Hat update for thunderbird