Vulnerabilities > CVE-2005-0056 - Unspecified vulnerability in Microsoft IE and Internet Explorer

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
microsoft

Summary

Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
3

Oval

  • accepted2014-02-24T04:03:12.589-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:2385
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE5.01,SP3 Channel Definition Format Cross Domain Vulnerability
    version68
  • accepted2014-02-24T04:03:13.821-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:2817
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE for Server 2003 Channel Definition Format Cross Domain Vulnerability
    version68
  • accepted2014-02-24T04:03:14.995-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:3318
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE6,SP1 Channel Definition Format Cross Domain Vulnerability
    version68
  • accepted2014-02-24T04:03:17.869-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:4085
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE6,SP2 Channel Definition Format Cross Domain Vulnerability
    version67
  • accepted2014-02-24T04:03:20.486-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:4947
    statusaccepted
    submitted2005-03-17T12:00:00.000-04:00
    titleIE5.01,SP4 Channel Definition Format Cross Domain Vulnerability
    version68