Internet Explorer DHTML object vulnerability

2006-04-25T00:00:00
ID SAINT:B71D3CF9A24416FAFBEABCB29A0A76B3
Type saint
Reporter SAINT Corporation
Modified 2006-04-25T00:00:00

Description

Added: 04/25/2006
CVE: CVE-2005-0553
BID: 13120
OSVDB: 15465

Background

Dynamic HTML (DHTML) allows the creation of interactive web pages.

Problem

Race conditions in various DHTML methods could allow command execution when a specially crafted web page is loaded in Internet Explorer.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-020.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=228>

Limitations

A user must load the exploit URL in Internet Explorer in order to run the exploit. Since the vulnerability is a race condition, the exploit may not always succeed.

Platforms

Windows