Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka the IFRAME vulnerability or the HTML Elements Vulnerability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ip600_media_servers | Avaya | * | * |
| Ip600_media_servers | Avaya | r6 (including) | r6 (including) |
| Ip600_media_servers | Avaya | r7 (including) | r7 (including) |
| Ip600_media_servers | Avaya | r8 (including) | r8 (including) |
| Ip600_media_servers | Avaya | r9 (including) | r9 (including) |
| Ip600_media_servers | Avaya | r10 (including) | r10 (including) |
| Ip600_media_servers | Avaya | r11 (including) | r11 (including) |
| Ip600_media_servers | Avaya | r12 (including) | r12 (including) |
| Ie | Microsoft | 6.0-sp1 (including) | 6.0-sp1 (including) |
| Internet_explorer | Microsoft | 6.0 (including) | 6.0 (including) |
| Definity_one_media_server | Avaya | * | * |
| Definity_one_media_server | Avaya | r6 (including) | r6 (including) |
| Definity_one_media_server | Avaya | r7 (including) | r7 (including) |
| Definity_one_media_server | Avaya | r8 (including) | r8 (including) |
| Definity_one_media_server | Avaya | r9 (including) | r9 (including) |
| Definity_one_media_server | Avaya | r10 (including) | r10 (including) |
| Definity_one_media_server | Avaya | r11 (including) | r11 (including) |
| Definity_one_media_server | Avaya | r12 (including) | r12 (including) |
| S3400 | Avaya | * | * |
| S8100 | Avaya | * | * |
| S8100 | Avaya | r6 (including) | r6 (including) |
| S8100 | Avaya | r7 (including) | r7 (including) |
| S8100 | Avaya | r8 (including) | r8 (including) |
| S8100 | Avaya | r9 (including) | r9 (including) |
| S8100 | Avaya | r10 (including) | r10 (including) |
| S8100 | Avaya | r11 (including) | r11 (including) |
| S8100 | Avaya | r12 (including) | r12 (including) |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
- http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2
- http://secunia.com/advisories/12959/
- http://www.kb.cert.org/vuls/id/842160
- http://www.securityfocus.com/archive/1/379261
- http://www.securityfocus.com/bid/11515
- http://www.us-cert.gov/cas/techalerts/TA04-315A.html
- http://www.us-cert.gov/cas/techalerts/TA04-336A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17889
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
- http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2
- http://secunia.com/advisories/12959/
- http://www.kb.cert.org/vuls/id/842160
- http://www.securityfocus.com/archive/1/379261
- http://www.securityfocus.com/bid/11515
- http://www.us-cert.gov/cas/techalerts/TA04-315A.html
- http://www.us-cert.gov/cas/techalerts/TA04-336A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17889
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294