Vulnerabilities > CVE-2005-0056 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Oval
accepted 2014-02-24T04:03:12.589-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:2385 status accepted submitted 2005-03-17T12:00:00.000-04:00 title IE5.01,SP3 Channel Definition Format Cross Domain Vulnerability version 68 accepted 2014-02-24T04:03:13.821-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:2817 status accepted submitted 2005-03-17T12:00:00.000-04:00 title IE for Server 2003 Channel Definition Format Cross Domain Vulnerability version 68 accepted 2014-02-24T04:03:14.995-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:3318 status accepted submitted 2005-03-17T12:00:00.000-04:00 title IE6,SP1 Channel Definition Format Cross Domain Vulnerability version 68 accepted 2014-02-24T04:03:17.869-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:4085 status accepted submitted 2005-03-17T12:00:00.000-04:00 title IE6,SP2 Channel Definition Format Cross Domain Vulnerability version 67 accepted 2014-02-24T04:03:20.486-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:4947 status accepted submitted 2005-03-17T12:00:00.000-04:00 title IE5.01,SP4 Channel Definition Format Cross Domain Vulnerability version 68
References
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- http://www.kb.cert.org/vuls/id/823971
- http://www.securityfocus.com/bid/12427
- http://securitytracker.com/id?1013126
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19137
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014