CVE-2004-0216 - Unspecified vulnerability in Microsoft IE and Internet Explorer
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Oval
All six definitions are class vulnerability, family windows, status accepted, and carry the same description as the Summary above.

- oval:org.mitre.oval:def:5316
  - title: IE v6.0,SP1 (Server 2003) Install Engine Buffer Overflow
  - version: 68
  - submitted: 2004-10-25T12:00:00.000-04:00
  - accepted: 2014-02-24T04:03:22.092-05:00
  - contributors: Harvey Rubinovitz (The MITRE Corporation); Harvey Rubinovitz (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.); Maria Mikhno (ALTX-SOFT)
- oval:org.mitre.oval:def:5329
  - title: IE v6.0,SP1 Install Engine Buffer Overflow
  - version: 68
  - submitted: 2004-10-25T04:35:00.000-04:00
  - accepted: 2014-02-24T04:03:22.267-05:00
  - contributors: Harvey Rubinovitz (The MITRE Corporation); Christine Walzer (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.); Maria Mikhno (ALTX-SOFT)
- oval:org.mitre.oval:def:6100
  - title: IE v5.5,SP2 Install Engine Buffer Overflow
  - version: 67
  - submitted: 2005-01-18T12:00:00.000-04:00
  - accepted: 2014-02-24T04:03:24.382-05:00
  - contributors: Harvey Rubinovitz (The MITRE Corporation); Christine Walzer (The MITRE Corporation); Maria Mikhno (ALTX-SOFT)
- oval:org.mitre.oval:def:6600
  - title: IE v5.01,SP4 Install Engine Buffer Overflow
  - version: 67
  - submitted: 2004-10-25T04:23:00.000-04:00
  - accepted: 2014-02-24T04:03:25.333-05:00
  - contributors: Harvey Rubinovitz (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.); Maria Mikhno (ALTX-SOFT)
- oval:org.mitre.oval:def:7717
  - title: IE v6.0 Install Engine Buffer Overflow
  - version: 68
  - submitted: 2004-10-25T04:00:00.000-04:00
  - accepted: 2014-02-24T04:03:26.893-05:00
  - contributors: Harvey Rubinovitz (The MITRE Corporation); Christine Walzer (The MITRE Corporation); John Hoyland (Centennial Software); Maria Mikhno (ALTX-SOFT)
- oval:org.mitre.oval:def:7865
  - title: IE v5.01,SP3 Install Engine Buffer Overflow
  - version: 67
  - submitted: 2004-10-25T04:20:00.000-04:00
  - accepted: 2014-02-24T04:03:27.240-05:00
  - contributors: Harvey Rubinovitz (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.); Maria Mikhno (ALTX-SOFT)
References
- http://www.us-cert.gov/cas/techalerts/TA04-293A.html
- http://www.kb.cert.org/vuls/id/637760
- http://www.ngssoftware.com/advisories/msinsengfull.txt
- http://marc.info/?l=ntbugtraq&m=110619893620517&w=2
- http://marc.info/?l=bugtraq&m=109760693512754&w=2
- http://marc.info/?l=bugtraq&m=110616383332055&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17620
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038