Executive Summary
Informations | |||
---|---|---|---|
Name | MS05-014 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cumulative Security Update for Internet Explorer (867282) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1005 | |||
Oval ID: | oval:org.mitre.oval:def:1005 | ||
Title: | IE6,SP1 DHTML Method Heap Memory Corruption Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0055 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1015 | |||
Oval ID: | oval:org.mitre.oval:def:1015 | ||
Title: | WinXP,SP2 Drag-and-Drop Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0053 | Version: | 7 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1308 | |||
Oval ID: | oval:org.mitre.oval:def:1308 | ||
Title: | IE5.01,SP4 Security Zone Restriction Bypass Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0054 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1334 | |||
Oval ID: | oval:org.mitre.oval:def:1334 | ||
Title: | IE6 for Server 2003 Drag-and-Drop Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0053 | Version: | 7 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1736 | |||
Oval ID: | oval:org.mitre.oval:def:1736 | ||
Title: | IE5.01,SP3 Security Zone Restriction Bypass Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0054 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2046 | |||
Oval ID: | oval:org.mitre.oval:def:2046 | ||
Title: | Windows 2000 Drag-and-Drop Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0053 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2385 | |||
Oval ID: | oval:org.mitre.oval:def:2385 | ||
Title: | IE5.01,SP3 Channel Definition Format Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0056 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2692 | |||
Oval ID: | oval:org.mitre.oval:def:2692 | ||
Title: | IE5.01,SP3 DHTML Method Heap Memory Corruption Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0055 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2817 | |||
Oval ID: | oval:org.mitre.oval:def:2817 | ||
Title: | IE for Server 2003 Channel Definition Format Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0056 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2953 | |||
Oval ID: | oval:org.mitre.oval:def:2953 | ||
Title: | Windows XP,SP2 IE6.0 Drag-and-Drop Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0053 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3006 | |||
Oval ID: | oval:org.mitre.oval:def:3006 | ||
Title: | IE5.01,SP3 Drag-and-Drop Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0053 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3060 | |||
Oval ID: | oval:org.mitre.oval:def:3060 | ||
Title: | IE6 for Server 2003 Security Zone Restriction Bypass Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0054 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3137 | |||
Oval ID: | oval:org.mitre.oval:def:3137 | ||
Title: | IE6 DHTML Method Heap Memory Corruption Vulnerability (Server 2003) | ||
Description: | Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0055 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3196 | |||
Oval ID: | oval:org.mitre.oval:def:3196 | ||
Title: | IE6.0,SP2 Security Zone Restriction Bypass Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0054 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3318 | |||
Oval ID: | oval:org.mitre.oval:def:3318 | ||
Title: | IE6,SP1 Channel Definition Format Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0056 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3586 | |||
Oval ID: | oval:org.mitre.oval:def:3586 | ||
Title: | IE6.0,SP1 Security Zone Restriction Bypass Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0054 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3910 | |||
Oval ID: | oval:org.mitre.oval:def:3910 | ||
Title: | IE5.01,SP4 DHTML Method Heap Memory Corruption Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0055 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4085 | |||
Oval ID: | oval:org.mitre.oval:def:4085 | ||
Title: | IE6,SP2 Channel Definition Format Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0056 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4726 | |||
Oval ID: | oval:org.mitre.oval:def:4726 | ||
Title: | Server 2003/64-bit XP Drag-and-Drop Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0053 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Windows Messenger |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4864 | |||
Oval ID: | oval:org.mitre.oval:def:4864 | ||
Title: | IE5.01,SP4 Drag-and-Drop Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0053 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4947 | |||
Oval ID: | oval:org.mitre.oval:def:4947 | ||
Title: | IE5.01,SP4 Channel Definition Format Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0056 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:710 | |||
Oval ID: | oval:org.mitre.oval:def:710 | ||
Title: | IE6 DHTML Method Heap Memory Corruption Vulnerability | ||
Description: | Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0055 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13608 | Microsoft IE Drag-and-Drop Privilege Escalation Windows contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to drag-and-drop events not properly validating some DHTML events. This may allow an attacker to cause an arbitrary executable file to be downloaded to the victim's computer, to be executed by the user or via other flaws. |
13607 | Microsoft IE CDF Cross-Domain Code Execution Windows contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to Internet Explorer not properly sanitizing user input supplied in CDF files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
13606 | Microsoft IE createControlRange() Function Heap Corruption A remote overflow exists in Windows. Internet Explorer fails to validate the buffer used when processing some DHTML methods resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
13605 | Microsoft IE URL Decoding Zone Spoofing Code Execution Windows contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to Internet Explorer accepting URLs with % in the hostname, which allows an attacker to use multiple encoding to trick IE into running untrusted code in the My Computer Zone. This may allow an attacker to execute arbitrary code from a remote host. |
13604 | Microsoft IE Drag-and-Drop File Injection Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered due to improper validation of drag and drop events. It is possible that the flaw may allow a remote attacker to create a malicious Web page containing a specially crafted 'Content-Disposition' HTTP header with a dot appended in the filename, which would be downloaded without the victim's approval and may allow arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Shell.Explorer ActiveX Object Access RuleID : 4166 - Revision : 10 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer Image Control 1.0 ActiveX object access RuleID : 4165 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer drag-and-drop vulnerability RuleID : 18282 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CDF cross-domain scripting attempt RuleID : 17411 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Shell.Explorer 2 ActiveX clsid access RuleID : 15122 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Shell.Explorer 2 ActiveX function call unicode access RuleID : 15113 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer Shell.Explorer 2 ActiveX function call access RuleID : 15112 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Shell.Explorer 2 ActiveX clsid unicode access RuleID : 15111 - Revision : 6 - Type : WEB-ACTIVEX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-02-08 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms05-008.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-01-19 21:29:54 |
|