CVE-2005-2830 - Unspecified vulnerability in Microsoft IE and Internet Explorer

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0 Microsoft IE 6.0	4

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS05-054.NASL
description	The remote host is missing IE Cumulative Security Update 905915. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.
last seen	2020-06-01
modified	2020-06-02
plugin id	20299
published	2005-12-13
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20299
title	MS05-054: Cumulative Security Update for Internet Explorer (905915)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(20299); script_version("1.53"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id( "CVE-2005-1790", "CVE-2005-2829", "CVE-2005-2830", "CVE-2005-2831", "CVE-2006-0057" ); script_bugtraq_id(13799, 15823, 15825, 15827, 16409); script_xref(name:"MSFT", value:"MS05-054"); script_xref(name:"CERT", value:"887861"); script_xref(name:"CERT", value:"998297"); script_xref(name:"EDB-ID", value:"18365"); script_xref(name:"MSKB", value:"905915"); script_name(english:"MS05-054: Cumulative Security Update for Internet Explorer (905915)"); script_summary(english:"Determines the presence of update 905915"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through the web client."); script_set_attribute(attribute:"description", value: "The remote host is missing IE Cumulative Security Update 905915. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-054"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP and 2003."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/21"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl","smb_nt_ms05-038.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS05-054'; kb = '905915'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'4,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Mshtml.dll", version:"6.0.3790.449", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.2", sp:1, file:"Mshtml.dll", version:"6.0.3790.2577", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:1, file:"Mshtml.dll", version:"6.0.2800.1528", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:2, file:"Mshtml.dll", version:"6.0.2900.2802", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"Mshtml.dll", version:"6.0.2800.1528", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"Mshtml.dll", version:"5.0.3835.2200", dir:"\system32", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2014-02-24T04:00:08.025-05:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."

family

windows

id

oval:org.mitre.oval:def:1097

status

accepted

submitted

2005-12-13T12:00:00.000-04:00

title

Win2K/XP,SP1 HTTPS Proxy Vulnerability

version

71

accepted

2014-02-24T04:00:08.222-05:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Jonathan Baker
organization The MITRE Corporation
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."

family

windows

id

oval:org.mitre.oval:def:1101

status

accepted

submitted

2005-12-13T12:00:00.000-04:00

title

WinXP,SP1 (64-bit) HTTPS Proxy Vulnerability

version

71

accepted

2014-02-24T04:00:09.290-05:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Jonathan Baker
organization The MITRE Corporation
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."

family

windows

id

oval:org.mitre.oval:def:1143

status

accepted

submitted

2005-12-13T12:00:00.000-04:00

title

Server 2003,SP1 HTTPS Proxy Vulnerability

version

71

accepted

2014-02-24T04:00:13.966-05:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Jonathan Baker
organization The MITRE Corporation
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."

family

windows

id

oval:org.mitre.oval:def:1317

status

accepted

submitted

2005-12-13T12:00:00.000-04:00

title

Server 2003 HTTPS Proxy Vulnerability

version

70

accepted

2014-02-24T04:00:16.984-05:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Jonathan Baker
organization The MITRE Corporation
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."

family

windows

id

oval:org.mitre.oval:def:1435

status

accepted

submitted

2005-12-13T12:00:00.000-04:00

title

WinXP,SP2 HTTPS Proxy Vulnerability

version

72

accepted

2014-02-24T04:00:19.447-05:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Anna Min
organization BigFix, Inc
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."

family

windows

id

oval:org.mitre.oval:def:1521

status

accepted

submitted

2005-12-13T12:00:00.000-04:00

title

Win2K,SP4 HTTPS Proxy Vulnerability

version

71

Vulnerabilities > CVE-2005-2830 - Unspecified vulnerability in Microsoft IE and Internet Explorer

Summary

Vulnerable Configurations

Nessus

Oval

References