published date: December 31, 2004

CVE-2004-1050 : Heap-based Buffer Overflow Vulnerability

Description

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

Product(s):

Avaya IP600 Media Servers
Avaya IP600 Media Servers R10
Avaya IP600 Media Servers R11
Avaya IP600 Media Servers R12
Avaya IP600 Media Servers R6
Avaya IP600 Media Servers R7
Avaya IP600 Media Servers R8
Avaya IP600 Media Servers R9
Microsoft IE 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 -
Microsoft Internet Explorer 6.0 Service Pack 1
Avaya Definity One Media Server
Avaya DefinityOne Media Server
Avaya DefinityOne Media Servers R10
Avaya Definity One Media Server R11
Avaya Definity One Media Server R12
Avaya Definity One Media Server R6
Avaya Definity One Media Server R7
Avaya Definity One Media Server R8
Avaya DefinityOne Media Servers R9
Avaya S3400
Avaya S8100
Avaya S8100 R10
Avaya S8100 R11
Avaya S8100 R12
Avaya S8100 R6
Avaya S8100 R7
Avaya S8100 R8
Avaya S8100 R9
Avaya Modular Messaging Message Storage Server S3400

CVSS:10 [Critical]
EPSS:75.60%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2004-1050, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2004-1050 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2004-1050

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales