CVE-2005-0553

Properties

Published:
01.05.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
Microsoft: Internet Explorer
Microsoft: Internet Explorer
Microsoft: Internet Explorer
Microsoft: Internet Explorer
Microsoft: Internet Explorer

Vulnerability description

Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka"DHTML Object Memory Corruption Vulnerability".

References:

IDEFENSE: http://www.idefense.com/application/poi/display?id=228&type=vulnerabilities
MS: http://www.microsoft.com/technet/Security/bulletin/ms05-020.mspx
SECUNIA: http://secunia.com/advisories/14922/
XF: http://xforce.iss.net/xforce/xfdb/19831
CERT: http://www.us-cert.gov/cas/techalerts/TA05-102A.html
CERT-VN: http://www.kb.cert.org/vuls/id/774338
IDEFENSE: http://www.idefense.com/application/poi/display?id=228&type=vulnerabilities
OVAL: http://oval.mitre.org/oval/definitions/data/oval1695.html
OVAL: http://oval.mitre.org/oval/definitions/data/oval3100.html
OVAL: http://oval.mitre.org/oval/definitions/data/oval3752.html
OVAL: http://oval.mitre.org/oval/definitions/data/oval4874.html
OVAL: http://oval.mitre.org/oval/definitions/data/oval4985.html