Microsoft IE FRAME/IFRAME/EMBED Tag Overflow (Bofra Worm Detection)

critical Nessus Plugin ID 15746


The remote host is infected with a worm.


The remote host seems to have been infected with the Bofra worm or one of its variants, which infects machines via an Internet Explorer IFRAME exploit. It is very likely this system has been compromised.


Verify that the remote system has been compromised, and re-install if necessary.

Plugin Details

Severity: Critical

ID: 15746

File Name: bofra_detect.nasl

Version: 1.24

Type: remote

Family: Backdoors

Published: 11/17/2004

Updated: 6/1/2020

Supported Sensors: Nessus

Risk Information


Risk Factor: High

Score: 8.9


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/25/2004

Reference Information

CVE: CVE-2004-1050

BID: 11515