HTTP: Internet Explorer Malformed IFRAME Buffer Overflow (1)
This signature detects an HTML document containing a maliciously crafted IFRAME tag. Attackers can place this document on a malicious Web server to exploit clients that attempt to view the document using Microsoft Internet Explorer.
Extended Description
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
Affected Products
Avaya definity_one_media_server
Short Name
HTTP:STC:IE:IFRAME-NAME-OF-1
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
(1) Buffer CVE-2004-1050 Explorer IFRAME Internet Malformed Overflow bid:11515
Release Date
06/29/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Occasionally
Vendors
Avaya
Microsoft
CVSS Score
10.0