CVE-2004-0216 - Unspecified vulnerability in Microsoft IE and Internet Explorer

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, microsoft, critical

Summary

Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.

Vulnerable Configurations

| Part | Description | Count |
|---|---|---|
| Application | Microsoft | 3 |

Oval

  • accepted: 2014-02-24T04:03:22.092-05:00
    class: vulnerability
    contributors:
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:5316
    status: accepted
    submitted: 2004-10-25T12:00:00.000-04:00
    title: IE v6.0,SP1 (Server 2003) Install Engine Buffer Overflow
    version: 68
  • accepted: 2014-02-24T04:03:22.267-05:00
    class: vulnerability
    contributors:
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:5329
    status: accepted
    submitted: 2004-10-25T04:35:00.000-04:00
    title: IE v6.0,SP1 Install Engine Buffer Overflow
    version: 68
  • accepted: 2014-02-24T04:03:24.382-05:00
    class: vulnerability
    contributors:
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:6100
    status: accepted
    submitted: 2005-01-18T12:00:00.000-04:00
    title: IE v5.5,SP2 Install Engine Buffer Overflow
    version: 67
  • accepted: 2014-02-24T04:03:25.333-05:00
    class: vulnerability
    contributors:
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:6600
    status: accepted
    submitted: 2004-10-25T04:23:00.000-04:00
    title: IE v5.01,SP4 Install Engine Buffer Overflow
    version: 67
  • accepted: 2014-02-24T04:03:26.893-05:00
    class: vulnerability
    contributors:
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: John Hoyland
      organization: Centennial Software
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:7717
    status: accepted
    submitted: 2004-10-25T04:00:00.000-04:00
    title: IE v6.0 Install Engine Buffer Overflow
    version: 68
  • accepted: 2014-02-24T04:03:27.240-05:00
    class: vulnerability
    contributors:
    • name: Harvey Rubinovitz
      organization: The MITRE Corporation
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:7865
    status: accepted
    submitted: 2004-10-25T04:20:00.000-04:00
    title: IE v5.01,SP3 Install Engine Buffer Overflow
    version: 67