10

CVE-2004-0216

Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftIe Version6 Updatewindows_server_2003_sp1
MicrosoftInternet Explorer Version5.01
MicrosoftInternet Explorer Version5.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 54.87% 0.98
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
http://www.us-cert.gov/cas/techalerts/TA04-293A.html
Patch
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/637760
Patch
Third Party Advisory
US Government Resource