CVE-2004-1050

EXPLOITED

Avaya Ip600 Media Servers - Buffer Overflow

Title source: rule

Exploitation Summary

CVE-2004-1050 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Skylined.

AI-analyzed exploit summary This is a working proof-of-concept exploit for CVE-2004-1050, targeting a buffer overflow vulnerability in Microsoft Internet Explorer. It uses a heap spray technique to execute arbitrary shellcode, resulting in a bind shell on port 28876.

Description

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · htmlremotewindows

https://www.exploit-db.com/exploits/612

View Code ZIP pw:eip

This is a working proof-of-concept exploit for CVE-2004-1050, targeting a buffer overflow vulnerability in Microsoft Internet Explorer. It uses a heap spray technique to execute arbitrary shellcode, resulting in a bind shell on port 28876.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer (versions prior to the fix for CVE-2004-1050)

No auth needed

Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/842160

Mailing List mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=109942758911846&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11515

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294

Mailing List mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA04-315A.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17889

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/12959/

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/379261

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA04-336A.html

Scores

EPSS 0.8151

EPSS Percentile 99.2%

Details

VulnCheck KEV 2004-12-01

Status published

Products (28)

avaya/definity_one_media_server

avaya/definity_one_media_server r6

avaya/definity_one_media_server r7

avaya/definity_one_media_server r8

avaya/definity_one_media_server r9

avaya/definity_one_media_server r10

avaya/definity_one_media_server r11

avaya/definity_one_media_server r12

avaya/ip600_media_servers

avaya/ip600_media_servers r6

... and 18 more

Published Dec 31, 2004

Tracked Since Feb 18, 2026