CVE-2004-0216 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

54.9%

top 1.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedNov 3

Latest updateApr 29

Description

Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer5.01, 5.5+1

▶NVDmicrosoft/ie6

Patches

Patch: www.kb.cert.org ↗Patch: www.us-cert.gov ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-frcm-cm8j-hpw7: Integer overflow in the Install Engine (inseng↗2022-04-29

▶

CVEList

CVE-2004-0216: Integer overflow in the Install Engine (inseng↗2004-10-16

▶