Lucene search
SAINT CorporationSAINT:4EA4C47ECE569661FBDC05A6F25C0709HistoryDec 01, 2005 - 12:00 a.m.
Internet Explorer onload window vulnerability
2005-12-0100:00:00
SAINT Corporation
www.saintcorporation.com
18
0.973 High
EPSS
Percentile
99.8%
Added: 12/01/2005
CVE: CVE-2005-1790
BID: 13799
OSVDB: 17094
Background
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Problem
Internet Explorer fails to properly initialize the **window()** function when called from an **onLoad** event in a **body** tag. This causes it to call a deferenced memory address, leading to the possibility of command execution.
Resolution
Apply a Microsoft update when available.
References
<http://www.securityfocus.com/archive/1/417326>
Limitations
This exploit requires a user on the target system to follow a link to the exploit using Internet Explorer.
Platforms
Windows
Related
checkpoint_advisories
checkpoint_advisories
seebug
seebug
securityvulns
securityvulns
saint
saint
Internet Explorer onload window vulnerability
2005-12-01 00:00:00
Internet Explorer onload window vulnerability
2005-12-01 00:00:00
Internet Explorer onload window vulnerability
2005-12-01 00:00:00
cert
cert
packetstorm
packetstorm
Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
2012-01-13 00:00:00
cvelist
cvelist
CVE-2005-1790
2005-06-01 04:00:00
cve
cve
CVE-2005-1790
2005-06-01 04:00:00
exploitdb
exploitdb
nessus
nessus
MS05-054: Cumulative Security Update for Internet Explorer (905915)
2005-12-13 00:00:00