CVE-2004-1050

critical Microsoft
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
81.5%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: December 31, 2004 (7804 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

CWE

NVD-CWE-Other

Affected Products

avaya ip600 media serversmicrosoft iemicrosoft internet exploreravaya definity one media serveravaya s3400avaya s8100avaya modular messaging message storage server

References

🔗 lists.grok.org.uk 🔗 lists.grok.org.uk 🔗 marc.info 🔗 secunia.com 🔗 www.kb.cert.org