CVE-2006-0057

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/998297	Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx	Patch Vendor Advisory
http://www.securityfocus.com/bid/16409
http://www.osvdb.org/23657
https://exchange.xforce.ibmcloud.com/vulnerabilities/24379

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer:5.01:sp4::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
	cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1::::::

Information

Published : 2006-01-27 14:03

Updated : 2021-07-23 05:19

NVD link : CVE-2006-0057

Mitre link : CVE-2006-0057

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

internet_explorer
ie

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/998297", "name": "VU#998297", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx", "name": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/16409", "name": "16409", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/23657", "name": "23657", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379", "name": "ie-activex-killbit-bypass(24379)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0057", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-01-27T22:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-23T12:19Z"}