Back to search
CVE-2004-0216
Published: Oct 16, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:5316
vdb-entry
signature
x_refsource_OVAL
http://www.ngssoftware.com/advisories/msinsengfull.txt
x_refsource_MISC
VU#637760
third-party-advisory
x_refsource_CERT-VN
MS04-038
vendor-advisory
x_refsource_MS
ie-installenginectl-setciffile-bo(17620)
vdb-entry
x_refsource_XF
oval:org.mitre.oval:def:7865
vdb-entry
signature
x_refsource_OVAL
TA04-293A
third-party-advisory
x_refsource_CERT
ie-ms04038-patch(17651)
vdb-entry
x_refsource_XF
oval:org.mitre.oval:def:7717
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:6100
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:6600
vdb-entry
signature
x_refsource_OVAL
20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)
mailing-list
x_refsource_BUGTRAQ
20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow
mailing-list
x_refsource_BUGTRAQ
20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)
mailing-list
x_refsource_NTBUGTRAQ
oval:org.mitre.oval:def:5329
vdb-entry
signature
x_refsource_OVAL
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now