Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:B71D3CF9A24416FAFBEABCB29A0A76B3
HistoryApr 25, 2006 - 12:00 a.m.

Internet Explorer DHTML object vulnerability

2006-04-2500:00:00
SAINT Corporation
my.saintcorporation.com
13

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.947 High

EPSS

Percentile

99.2%

JSON

Added: 04/25/2006
CVE: CVE-2005-0553
BID: 13120
OSVDB: 15465

Background

Dynamic HTML (DHTML) allows the creation of interactive web pages.

Problem

Race conditions in various DHTML methods could allow command execution when a specially crafted web page is loaded in Internet Explorer.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-020.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=228&gt;

Limitations

A user must load the exploit URL in Internet Explorer in order to run the exploit. Since the vulnerability is a race condition, the exploit may not always succeed.

Platforms

Windows

Related

securityvulns 2
checkpoint_advisories 2
saint 3
cve 1
packetstorm 1
cvelist 1
cert 1
openvas 1
securityvulns
securityvulns
iDEFENSE Security Advisory 04.12.05: Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability
2005-04-13 00:00:00
Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer &#40;890923&#41;
2005-04-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer DHTML Object Memory Corruption (MS05-020) - Ver2 (CVE-2005-0553)
2015-03-26 00:00:00
Internet Explorer DHTML Object Memory Corruption (MS05-020) - Ver2 (CVE-2005-0553)
2015-03-26 00:00:00
saint
saint
Internet Explorer DHTML object vulnerability
2006-04-25 00:00:00
Internet Explorer DHTML object vulnerability
2006-04-25 00:00:00
Internet Explorer DHTML object vulnerability
2006-04-25 00:00:00
cve
cve
CVE-2005-0553
2005-05-02 04:00:00
packetstorm
packetstorm
ie_dhtml_poc.txt
2005-04-18 00:00:00
cvelist
cvelist
CVE-2005-0553
2005-04-13 04:00:00
cert
cert
Microsoft Internet Explorer DHTML objects contain a race condition
2005-04-12 00:00:00
openvas
openvas
IE 5.01 5.5 6.0 Cumulative patch (890923)
2005-11-03 00:00:00

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.947 High

EPSS

Percentile

99.2%

JSON
Related for SAINT:B71D3CF9A24416FAFBEABCB29A0A76B3
securityvulns2checkpoint_advisories2saint3cve1packetstorm1cvelist1cert1openvas1