Vulnerabilities > CVE-2005-0553 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Exploit-Db
| description | Microsoft Internet Explorer 5.0.1 DHTML Object Race Condition Memory Corruption Vulnerability. CVE-2005-0553. Remote exploit for windows platform |
| id | EDB-ID:25386 |
| last seen | 2016-02-03 |
| modified | 2005-04-12 |
| published | 2005-04-12 |
| reporter | Berend-Jan Wever |
| source | https://www.exploit-db.com/download/25386/ |
| title | Microsoft Internet Explorer 5.0.1 DHTML Object Race Condition Memory Corruption Vulnerability |
Oval
accepted 2014-02-24T04:00:22.025-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name John Hoyland organization Centennial Software name Maria Mikhno organization ALTX-SOFT
description Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". family windows id oval:org.mitre.oval:def:1695 status accepted submitted 2005-05-10T12:00:00.000-04:00 title DHTML Object Memory Corruption Vulnerability (IE6 for XP,SP2) version 67 accepted 2014-02-24T04:03:14.323-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name John Hoyland organization Centennial Software name Maria Mikhno organization ALTX-SOFT
description Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". family windows id oval:org.mitre.oval:def:3100 status accepted submitted 2005-05-10T12:00:00.000-04:00 title DHTML Object Memory Corruption Vulnerability (IE6 for Server 2003) version 68 accepted 2014-02-24T04:03:16.864-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Jason Spashett organization Centennial Software name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". family windows id oval:org.mitre.oval:def:3752 status accepted submitted 2005-05-10T12:00:00.000-04:00 title DHTML Object Memory Corruption Vulnerability (IE6,SP1) version 68 accepted 2014-02-24T04:03:19.990-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". family windows id oval:org.mitre.oval:def:4874 status accepted submitted 2005-05-10T12:00:00.000-04:00 title DHTML Object Memory Corruption Vulnerability (IE5.01,SP3) version 67 accepted 2014-02-24T04:03:20.603-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". family windows id oval:org.mitre.oval:def:4985 status accepted submitted 2005-05-10T12:00:00.000-04:00 title DHTML Object Memory Corruption Vulnerability (IE5.01,SP4) version 67
Packetstorm
| data source | https://packetstormsecurity.com/files/download/37192/ie_dhtml_poc.txt |
| id | PACKETSTORM:37192 |
| last seen | 2016-12-05 |
| published | 2005-04-18 |
| reporter | SkyLined |
| source | https://packetstormsecurity.com/files/37192/ie_dhtml_poc.txt.html |
| title | ie_dhtml_poc.txt |
Saint
| bid | 13120 |
| description | Internet Explorer DHTML object vulnerability |
| id | win_patch_ie_url |
| osvdb | 15465 |
| title | ie_dhtml_object |
| type | client |
References
- http://www.idefense.com/application/poi/display?id=228&type=vulnerabilities
- http://secunia.com/advisories/14922/
- http://www.us-cert.gov/cas/techalerts/TA05-102A.html
- http://www.kb.cert.org/vuls/id/774338
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19831
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020