CVE-2004-1050 (CNNVD-200412-657)

CRITICAL 有利用代码
中文标题:
Microsoft Internet Explorer安全漏洞
英文标题:
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code ...
CVSS分数: 10.0
发布时间: 2004-11-18 05:00:00
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v4
漏洞描述
中文描述:

Microsoft Internet Explorer(IE)是美国微软(Microsoft)公司的一款Windows操作系统附带的Web浏览器。 Microsoft Internet Explorer是一款流行的WEB浏览器。Microsoft Internet Explorer在处理IFRAME标签的NAME属性时缺少正确的缓冲区边界检查,远程攻击者可以利用这个漏洞以IE进程权限在系统上执行任意指令。攻击者如果构建一个IFRAME标签,并在NAME属性中构建超长字符串,诱使用户访问此页面,可导致目标用户IE程序发生缓冲区溢出,精心构建页面数据,可能以IE进程权限在系统上执行任意指令。

英文描述:

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

CWE类型:
(暂无数据)
标签:
remote windows Skylined OSVDB-11337
受影响产品
厂商 产品 版本 版本范围 平台 CPE
avaya ip600_media_servers * - - cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
avaya ip600_media_servers r6 - - cpe:2.3:a:avaya:ip600_media_servers:r6:*:*:*:*:*:*:*
avaya ip600_media_servers r7 - - cpe:2.3:a:avaya:ip600_media_servers:r7:*:*:*:*:*:*:*
avaya ip600_media_servers r8 - - cpe:2.3:a:avaya:ip600_media_servers:r8:*:*:*:*:*:*:*
avaya ip600_media_servers r9 - - cpe:2.3:a:avaya:ip600_media_servers:r9:*:*:*:*:*:*:*
avaya ip600_media_servers r10 - - cpe:2.3:a:avaya:ip600_media_servers:r10:*:*:*:*:*:*:*
avaya ip600_media_servers r11 - - cpe:2.3:a:avaya:ip600_media_servers:r11:*:*:*:*:*:*:*
avaya ip600_media_servers r12 - - cpe:2.3:a:avaya:ip600_media_servers:r12:*:*:*:*:*:*:*
microsoft ie 6.0 - - cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
microsoft internet_explorer 6.0 - - cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
avaya definity_one_media_server * - - cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
avaya definity_one_media_server r6 - - cpe:2.3:h:avaya:definity_one_media_server:r6:*:*:*:*:*:*:*
avaya definity_one_media_server r7 - - cpe:2.3:h:avaya:definity_one_media_server:r7:*:*:*:*:*:*:*
avaya definity_one_media_server r8 - - cpe:2.3:h:avaya:definity_one_media_server:r8:*:*:*:*:*:*:*
avaya definity_one_media_server r9 - - cpe:2.3:h:avaya:definity_one_media_server:r9:*:*:*:*:*:*:*
avaya definity_one_media_server r10 - - cpe:2.3:h:avaya:definity_one_media_server:r10:*:*:*:*:*:*:*
avaya definity_one_media_server r11 - - cpe:2.3:h:avaya:definity_one_media_server:r11:*:*:*:*:*:*:*
avaya definity_one_media_server r12 - - cpe:2.3:h:avaya:definity_one_media_server:r12:*:*:*:*:*:*:*
avaya s3400 * - - cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*
avaya s8100 * - - cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
avaya s8100 r6 - - cpe:2.3:h:avaya:s8100:r6:*:*:*:*:*:*:*
avaya s8100 r7 - - cpe:2.3:h:avaya:s8100:r7:*:*:*:*:*:*:*
avaya s8100 r8 - - cpe:2.3:h:avaya:s8100:r8:*:*:*:*:*:*:*
avaya s8100 r9 - - cpe:2.3:h:avaya:s8100:r9:*:*:*:*:*:*:*
avaya s8100 r10 - - cpe:2.3:h:avaya:s8100:r10:*:*:*:*:*:*:*
avaya s8100 r11 - - cpe:2.3:h:avaya:s8100:r11:*:*:*:*:*:*:*
avaya s8100 r12 - - cpe:2.3:h:avaya:s8100:r12:*:*:*:*:*:*:*
avaya modular_messaging_message_storage_server s3400 - - cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
VU#842160 third-party-advisory
cve.org
访问
20041023 python does mangleme (with IE bugs!) mailing-list
cve.org
访问
MS04-040 vendor-advisory
cve.org
访问
20041102 MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC mailing-list
cve.org
访问
11515 vdb-entry
cve.org
访问
oval:org.mitre.oval:def:1294 vdb-entry
cve.org
访问
20041025 python does mangleme (with IE bugs!) mailing-list
cve.org
访问
TA04-315A third-party-advisory
cve.org
访问
ie-iframe-src-name-bo(17889) vdb-entry
cve.org
访问
12959 third-party-advisory
cve.org
访问
20041024 python does mangleme (with IE bugs!) mailing-list
cve.org
访问
TA04-336A third-party-advisory
cve.org
访问
ExploitDB EDB-612 EXPLOIT
exploitdb
访问
Download Exploit EDB-612 EXPLOIT
exploitdb
访问
CVE Reference: CVE-2004-1050 ADVISORY
cve.org
访问
CVSS评分详情
10.0
CRITICAL
CVSS向量: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS版本: 2.0
机密性
COMPLETE
完整性
COMPLETE
可用性
COMPLETE
时间信息
发布时间:
2004-11-18 05:00:00
修改时间:
2024-08-08 00:38:59
创建时间:
2025-11-11 15:32:22
更新时间:
2025-11-11 17:03:09
利用信息
此漏洞有可利用代码!
利用代码数量: 1
利用来源:
未知
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2004-1050 2025-11-11 15:17:29 2025-11-11 07:32:22
NVD nvd_CVE-2004-1050 2025-11-11 14:50:55 2025-11-11 07:41:08
CNNVD cnnvd_CNNVD-200412-657 2025-11-11 15:08:44 2025-11-11 07:48:56
EXPLOITDB exploitdb_EDB-612 2025-11-11 15:05:56 2025-11-11 09:03:09
版本与语言
当前版本: v4
主要语言: EN
支持语言:
EN ZH
其他标识符:
:
:
安全公告
暂无安全公告信息
变更历史
v4 EXPLOITDB
2025-11-11 17:03:09
references_count: 12 → 15; tags_count: 0 → 4; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
  • references_count: 12 -> 15
  • tags_count: 0 -> 4
  • data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
v3 CNNVD
2025-11-11 15:48:56
vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-200412-657; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • cnnvd_id: 未提取 -> CNNVD-200412-657
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:41:08
severity: SeverityLevel.MEDIUM → SeverityLevel.CRITICAL; cvss_score: 未提取 → 10.0; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:C/I:C/A:C; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 28; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
  • cvss_score: 未提取 -> 10.0
  • cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:C/I:C/A:C
  • cvss_version: NOT_EXTRACTED -> 2.0
  • affected_products_count: 0 -> 28
  • data_sources: ['cve'] -> ['cve', 'nvd']