Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1050

5 documents5 sources

Severity

10.0CRITICAL

EPSS

81.5%

top 0.82%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Avaya Definity ONE Media Server Avaya Ip600 Media Servers Avaya Modular Messaging Message Storage Server +3 more

Timeline

PublishedDec 31

Latest updateApr 29

Description

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

▶NVDmicrosoft/internet_explorer6.0

▶NVDavaya/s81007 versions+6

▶NVDmicrosoft/ie6.0

▶NVDavaya/ip600_media_servers7 versions+6

▶NVDavaya/definity_one_media_server7 versions+6

🔴Vulnerability Details

GHSA

GHSA-r65h-9rm3-h7gm: Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME,↗2022-04-29

▶

CVEList

CVE-2004-1050: Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME,↗2004-11-18

▶

VulnCheck

avaya ip600_media_servers Out-of-bounds Write↗2004

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 6 - IFRAME Tag Buffer Overflow↗2004-11-02

▶