Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka the IFRAME vulnerability or the HTML Elements Vulnerability.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ip600_media_servers | Avaya | * | * |
| Ip600_media_servers | Avaya | r6 (including) | r6 (including) |
| Ip600_media_servers | Avaya | r7 (including) | r7 (including) |
| Ip600_media_servers | Avaya | r8 (including) | r8 (including) |
| Ip600_media_servers | Avaya | r9 (including) | r9 (including) |
| Ip600_media_servers | Avaya | r10 (including) | r10 (including) |
| Ip600_media_servers | Avaya | r11 (including) | r11 (including) |
| Ip600_media_servers | Avaya | r12 (including) | r12 (including) |
| Ie | Microsoft | 6.0-sp1 (including) | 6.0-sp1 (including) |
| Internet_explorer | Microsoft | 6.0 (including) | 6.0 (including) |
| Definity_one_media_server | Avaya | * | * |
| Definity_one_media_server | Avaya | r6 (including) | r6 (including) |
| Definity_one_media_server | Avaya | r7 (including) | r7 (including) |
| Definity_one_media_server | Avaya | r8 (including) | r8 (including) |
| Definity_one_media_server | Avaya | r9 (including) | r9 (including) |
| Definity_one_media_server | Avaya | r10 (including) | r10 (including) |
| Definity_one_media_server | Avaya | r11 (including) | r11 (including) |
| Definity_one_media_server | Avaya | r12 (including) | r12 (including) |
| S3400 | Avaya | * | * |
| S8100 | Avaya | * | * |
| S8100 | Avaya | r6 (including) | r6 (including) |
| S8100 | Avaya | r7 (including) | r7 (including) |
| S8100 | Avaya | r8 (including) | r8 (including) |
| S8100 | Avaya | r9 (including) | r9 (including) |
| S8100 | Avaya | r10 (including) | r10 (including) |
| S8100 | Avaya | r11 (including) | r11 (including) |
| S8100 | Avaya | r12 (including) | r12 (including) |