Signature Detail

HTTP: Internet Explorer Malformed IFRAME Buffer Overflow

This signature detects an HTML document containing a maliciously crafted IFRAME tag. Attackers can place this document on a malicious Web server to exploit clients that attempt to view the document using Microsoft Internet Explorer.

Extended Description

Microsoft Internet Explorer is reported prone to a remote buffer overflow vulnerability. This issue presents itself due to insufficient boundary checks performed by the application and results in arbitrary code execution or a denial of service. This issue does not affect the following Internet Explorer 6 versions: - Internet Explorer 6 for Windows Server 2003 - Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003 - Internet Explorer 6 for Windows XP Service Pack 2

Affected Products

• Avaya DefinityOne Media Servers R10
• Avaya DefinityOne Media Servers R11
• Avaya DefinityOne Media Servers R12
• Avaya DefinityOne Media Servers R6
• Avaya DefinityOne Media Servers R7
• Avaya DefinityOne Media Servers R8
• Avaya DefinityOne Media Servers R9
• Avaya DefinityOne Media Servers
• Avaya IP600 Media Servers R10
• Avaya IP600 Media Servers R11
• Avaya IP600 Media Servers R12
• Avaya IP600 Media Servers R6
• Avaya IP600 Media Servers R7
• Avaya IP600 Media Servers R8
• Avaya IP600 Media Servers R9
• Avaya IP600 Media Servers
• Avaya Modular Messaging S3400
• Avaya S3400 Message Application Server
• Avaya S8100 Media Servers R10
• Avaya S8100 Media Servers R11
• Avaya S8100 Media Servers R12
• Avaya S8100 Media Servers R6
• Avaya S8100 Media Servers R7
• Avaya S8100 Media Servers R8
• Avaya S8100 Media Servers R9
• Avaya S8100 Media Servers
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1

References

• BugTraq: 11515
• CVE: CVE-2004-1050
• URL: http://www.kb.cert.org/vuls/id/842160