Executive Summary

Informations
Name CVE-2006-0057 First vendor Publication 2006-01-27
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0057

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 3

ExploitDB Exploits

id Description
2012-01-14 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution V...

Open Source Vulnerability Database (OSVDB)

Id Description
23657 Microsoft IE ActiveX Killbit Setting Bypass

Microsoft Internet Explorer contains a flaw that may allow a malicious user to bypass the kill bit settings for ActiveX controls. The issue is triggered when user visits a malicious web page that contains specially crafted HTML which would cause the killbit setting for ActiveX controls to be bypassed. It is possible that the flaw may allow to execute arbitary code with user privileges.

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Internet Explorer javascript onload prompt obfuscation overflow att...
RuleID : 4917 - Revision : 16 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer javascript onload document.write obfuscation over...
RuleID : 4916 - Revision : 15 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer Shortcut Handler ActiveX object access
RuleID : 4915 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Script Definition ActiveX object access
RuleID : 4914 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Workspace ActiveX object access
RuleID : 4913 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Root ActiveX object access
RuleID : 4912 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Type Library ActiveX object access
RuleID : 4911 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Relationship Definition ActiveX object...
RuleID : 4910 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Property Definition ActiveX object access
RuleID : 4909 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Method Definition ActiveX object access
RuleID : 4908 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Collection Definition ActiveX object a...
RuleID : 4907 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Interface Definition ActiveX object ac...
RuleID : 4906 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Object ActiveX object access
RuleID : 4905 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Repository Alias ActiveX object access
RuleID : 4904 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer VMR ImageSync 9 ActiveX object access
RuleID : 4903 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Video Mixing Renderer 9 ActiveX object access
RuleID : 4902 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer VMR Allocator Presenter 9 ActiveX object access
RuleID : 4901 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Outlook Progress Ctl ActiveX object access
RuleID : 4900 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer ISupportErrorInfo Interface ActiveX object access
RuleID : 4899 - Revision : 17 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer PSTypeComp ActiveX object access
RuleID : 4898 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer PSOAInterface ActiveX object access
RuleID : 4897 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer PSTypeLib ActiveX object access
RuleID : 4896 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer PSTypeInfo ActiveX object access
RuleID : 4895 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer PSEnumVariant ActiveX object access
RuleID : 4894 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Trident HTMLEditor ActiveX object access
RuleID : 4893 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer MTSEvents Class ActiveX object access
RuleID : 4892 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer cfw Class ActiveX object access
RuleID : 4891 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer IAVIStream & IAVIFile Proxy ActiveX object ac...
RuleID : 4890 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer javascript onload overflow attempt
RuleID : 4647 - Revision : 17 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer File Download Dialog Box Manipulation
RuleID : 17463 - Revision : 13 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability
RuleID : 17448 - Revision : 11 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer Address ActiveX clsid access
RuleID : 11252 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Sony Rootkit Uninstaller ActiveX clsid unicode access
RuleID : 11251 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Sony Rootkit Uninstaller ActiveX clsid access
RuleID : 11250 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 IE Address ActiveX clsid unicode access
RuleID : 11249 - Revision : 7 - Type : WEB-ACTIVEX

Nessus® Vulnerability Scanner

Date Description
2006-02-14 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms06-004.nasl - Type : ACT_GATHER_INFO
2005-12-13 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms05-054.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://www.kb.cert.org/vuls/id/998297
http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx
http://www.osvdb.org/23657
http://www.securityfocus.com/bid/16409
https://exchange.xforce.ibmcloud.com/vulnerabilities/24379
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2024-11-28 23:21:06
  • Multiple Updates
2024-11-28 12:08:10
  • Multiple Updates
2021-07-27 00:24:36
  • Multiple Updates
2021-07-24 01:44:13
  • Multiple Updates
2021-07-24 01:02:19
  • Multiple Updates
2021-07-23 17:24:40
  • Multiple Updates
2021-05-04 12:03:36
  • Multiple Updates
2021-04-22 01:04:05
  • Multiple Updates
2020-05-23 00:17:17
  • Multiple Updates
2017-07-20 09:23:17
  • Multiple Updates
2016-06-28 15:33:21
  • Multiple Updates
2014-02-17 10:34:16
  • Multiple Updates
2013-05-11 10:46:19
  • Multiple Updates