7 High
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.728 High
EPSS
Percentile
98.1%
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the “Channel Definition Format (CDF) Cross Domain Vulnerability.”
securitytracker.com/id?1013126
www.kb.cert.org/vuls/id/823971
www.securityfocus.com/bid/12427
www.us-cert.gov/cas/techalerts/TA05-039A.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014
exchange.xforce.ibmcloud.com/vulnerabilities/19137
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947