CVE-2006-0057

2006-01-2722:03:00

[email protected]

web.nvd.nist.gov

microsoft

internet explorer

kill bit

activex

remote

attack

cve-2006-0057

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

JSON

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.

Affected configurations

NVD

Node

microsoftieMatch6windows_server_2003_sp1

microsoftinternet_explorerMatch5.01sp4

microsoftinternet_explorerMatch5.5sp2

microsoftinternet_explorerMatch6sp1

CPENameOperatorVersion
microsoft:iemicrosoft ieeq6
microsoft:internet_explorermicrosoft internet explorereq5.01
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq6

CPE	Name	Operator	Version
microsoft:ie	microsoft ie	eq	6
microsoft:internet_explorer	microsoft internet explorer	eq	5.01
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	6