CVE-2006-0057

Опубликовано: 27 янв. 2006

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.

Ссылки

http://www.kb.cert.org/vuls/id/998297
Third Party Advisory
US Government Resource
http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx
Patch
Vendor Advisory
http://www.osvdb.org/23657
http://www.securityfocus.com/bid/16409
https://exchange.xforce.ibmcloud.com/vulnerabilities/24379
http://www.kb.cert.org/vuls/id/998297
Third Party Advisory
US Government Resource
http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx
Patch
Vendor Advisory
http://www.osvdb.org/23657
http://www.securityfocus.com/bid/16409
https://exchange.xforce.ibmcloud.com/vulnerabilities/24379

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.39623

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-9h4w-rm2m-5cc3

github

почти 4 года назад