Vulnerabilities > CVE-2005-0055 - Unspecified vulnerability in Microsoft IE and Internet Explorer

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
NVD
Published: 2005-05-02
Updated: 2021-07-23

Summary

Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
11

Oval

  • accepted2014-02-24T04:00:06.150-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:1005
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE6,SP1 DHTML Method Heap Memory Corruption Vulnerability
    version68
  • accepted2014-02-24T04:03:13.428-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:2692
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE5.01,SP3 DHTML Method Heap Memory Corruption Vulnerability
    version68
  • accepted2014-02-24T04:03:14.521-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:3137
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE6 DHTML Method Heap Memory Corruption Vulnerability (Server 2003)
    version68
  • accepted2014-02-24T04:03:17.354-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:3910
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE5.01,SP4 DHTML Method Heap Memory Corruption Vulnerability
    version68
  • accepted2014-02-24T04:03:25.890-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:710
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE6 DHTML Method Heap Memory Corruption Vulnerability
    version67

References