Vulnerabilities > CVE-2005-0053 - Unspecified vulnerability in Microsoft products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
nessus
exploit available

Summary

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

Exploit-Db

descriptionMicrosoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulnerability. CVE-2005-0053. Remote exploit for windows platform
idEDB-ID:24693
last seen2016-02-02
modified2004-10-20
published2004-10-20
reporterhttp-equiv
sourcehttps://www.exploit-db.com/download/24693/
titleMicrosoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulnerability

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS05-008.NASL
descriptionThe remote version of Windows contains a flaw in the Windows Shell that could allow an attacker to elevate his privileges and/or execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to lure a victim into visiting a malicious website or opening a malicious file attachment.
last seen2020-06-01
modified2020-06-02
plugin id16324
published2005-02-08
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16324
titleMS05-008: Vulnerability in Windows Shell (890047)

Oval

  • accepted2011-05-16T04:00:11.011-04:00
    classvulnerability
    contributors
    • nameMatthew Burton
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameJeff Cheng
      organizationOpsware, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:1015
    statusaccepted
    submitted2005-09-19T04:00:00.000-04:00
    titleWinXP,SP2 Drag-and-Drop Vulnerability
    version70
  • accepted2014-02-24T04:00:14.543-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJeff Cheng
      organizationOpsware, Inc.
    • nameDan Haynes
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:1334
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE6 for Server 2003 Drag-and-Drop Vulnerability
    version70
  • accepted2011-05-16T04:02:20.658-04:00
    classvulnerability
    contributors
    • nameMatthew Burton
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJeff Cheng
      organizationOpsware, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:2046
    statusaccepted
    submitted2005-03-31T12:00:00.000-04:00
    titleWindows 2000 Drag-and-Drop Vulnerability
    version69
  • accepted2014-02-24T04:03:13.962-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJeff Cheng
      organizationOpsware, Inc.
    • nameDan Haynes
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:2953
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleWindows XP,SP2 IE6.0 Drag-and-Drop Vulnerability
    version69
  • accepted2014-02-24T04:03:14.088-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJeff Cheng
      organizationOpsware, Inc.
    • nameDan Haynes
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:3006
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE5.01,SP3 Drag-and-Drop Vulnerability
    version70
  • accepted2007-11-13T12:01:16.481-05:00
    classvulnerability
    contributors
    • nameMatthew Burton
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJeff Cheng
      organizationOpsware, Inc.
    descriptionInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:4726
    statusaccepted
    submitted2005-03-31T12:00:00.000-04:00
    titleServer 2003/64-bit XP Drag-and-Drop Vulnerability
    version67
  • accepted2014-02-24T04:03:19.891-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJeff Cheng
      organizationOpsware, Inc.
    • nameDan Haynes
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:4864
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE5.01,SP4 Drag-and-Drop Vulnerability
    version70