Microsoft Internet Explorer up to 6 Install Engine Inseng.dll memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability marked as critical has been reported in Microsoft Internet Explorer up to 6. This affects an unknown part in the library Inseng.dll of the component Install Engine. The manipulation leads to memory corruption. This vulnerability is listed as CVE-2004-0216. The attack may be initiated remotely. There is no available exploit. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability, which was classified as critical, has been found in Microsoft Internet Explorer up to 6 (Web Browser). This issue affects an unknown code in the library Inseng.dll of the component Install Engine. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability.
The weakness was presented 10/12/2004 by Greg Jones and Peter Winter-Smith with KPMG UK und Next Generation Security Software as MS04-038 as confirmed bulletin (Technet). The advisory is shared at microsoft.com. The identification of this vulnerability is CVE-2004-0216 since 03/11/2004. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available.
We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 12556 (FreeBSD : SA-04:03.jail), which helps to determine the existence of the flaw in a target environment. It is assigned to the family FreeBSD Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 100018 (Microsoft Internet Explorer Multiple Vulnerabilities (MS04-038)).
Applying the patch MS04-038 is able to eliminate this problem. The bugfix is ready for download at windowsupdate.microsoft.com. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 3058.
The vulnerability is also documented in the databases at X-Force (17620), Tenable (12556), SecurityFocus (BID 11366†), Secunia (SA12806†) and Vulnerability Center (SBV-5545†). See VDB-285, VDB-540, VDB-745 and VDB-758 for similar entries. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Support
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 12556
Nessus Name: FreeBSD : SA-04:03.jail
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 10861
OpenVAS Name: IE 5.01 5.5 6.0 Cumulative patch (890923)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: MS04-038
Suricata ID: 2003231
Suricata Class: 🔍
Suricata Message: 🔍
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Timeline
03/11/2004 🔍10/12/2004 🔍
10/12/2004 🔍
10/12/2004 🔍
10/12/2004 🔍
10/13/2004 🔍
10/14/2004 🔍
11/03/2004 🔍
01/02/2025 🔍
Sources
Vendor: microsoft.comAdvisory: MS04-038
Researcher: Greg Jones, Peter Winter-Smith
Organization: KPMG UK und Next Generation Security Software
Status: Confirmed
CVE: CVE-2004-0216 (🔍)
GCVE (CVE): GCVE-0-2004-0216
GCVE (VulDB): GCVE-100-893
OVAL: 🔍
CERT: 🔍
X-Force: 17620 - Microsoft Internet Explorer InstallEngineCtl SetCifFile buffer overflow, High Risk
SecurityFocus: 11366 - Microsoft Internet Explorer Install Engine ActiveX Control Buffer Overflow Vulnerability
Secunia: 12806 - Internet Explorer Multiple Vulnerabilities, Extremely Critical
SecuriTeam: securiteam.com
Vulnerability Center: 5545 - [MS04-040] Microsoft Internet Explorer 5.01, 5.5, 6.0 Allows Code Execution via InstallEn, Medium
See also: 🔍
Entry
Created: 10/14/2004 11:45Updated: 01/02/2025 15:05
Changes: 10/14/2004 11:45 (88), 04/07/2017 12:00 (13), 03/10/2021 06:36 (2), 03/10/2021 06:41 (2), 01/02/2025 15:05 (15)
Complete: 🔍
Cache ID: 216:6BC:103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.