5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.947 High
EPSS
Percentile
99.2%
Added: 04/25/2006
CVE: CVE-2005-0553
BID: 13120
OSVDB: 15465
Dynamic HTML (DHTML) allows the creation of interactive web pages.
Race conditions in various DHTML methods could allow command execution when a specially crafted web page is loaded in Internet Explorer.
Apply the patch referenced in Microsoft Security Bulletin 05-020.
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=228>
A user must load the exploit URL in Internet Explorer in order to run the exploit. Since the vulnerability is a race condition, the exploit may not always succeed.
Windows