ID CVE-2005-0053
Summary Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
References
Vulnerable Configurations
  • Microsoft Internet Explorer 5.0.1
    cpe:2.3:a:microsoft:ie:5.0.1
  • Microsoft Internet Explorer 5.0.1 SP1
    cpe:2.3:a:microsoft:ie:5.0.1:sp1
  • Microsoft Internet Explorer 5.0.1 SP2
    cpe:2.3:a:microsoft:ie:5.0.1:sp2
  • Microsoft Internet Explorer 5.0.1 SP3
    cpe:2.3:a:microsoft:ie:5.0.1:sp3
  • Microsoft Internet Explorer 5.0.1 Service Pack 4
    cpe:2.3:a:microsoft:ie:5.0.1:sp4
  • Microsoft ie 5.5
    cpe:2.3:a:microsoft:ie:5.5
  • Microsoft Internet Explorer 5.5 SP1
    cpe:2.3:a:microsoft:ie:5.5:sp1
  • Microsoft Internet Explorer 5.5 SP2
    cpe:2.3:a:microsoft:ie:5.5:sp2
  • Microsoft Internet Explorer 6.0
    cpe:2.3:a:microsoft:ie:6.0
  • cpe:2.3:a:microsoft:ie:6.0:sp1
    cpe:2.3:a:microsoft:ie:6.0:sp1
  • cpe:2.3:a:microsoft:ie:6.0:sp2
    cpe:2.3:a:microsoft:ie:6.0:sp2
  • cpe:2.3:o:microsoft:windows_2000:-:advanced_server
    cpe:2.3:o:microsoft:windows_2000:-:advanced_server
  • cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
    cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
  • cpe:2.3:o:microsoft:windows_2000:-:professional
    cpe:2.3:o:microsoft:windows_2000:-:professional
  • cpe:2.3:o:microsoft:windows_2000:-:server
    cpe:2.3:o:microsoft:windows_2000:-:server
  • Microsoft Windows 2000 Advanced Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:datacenter_server
  • Microsoft Windows 2000 Professional SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:professional
  • Microsoft Windows 2000 Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:server
  • Microsoft Windows 2000 Advanced Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:datacenter_server
  • Microsoft Windows 2000 Professional SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:professional
  • Microsoft Windows 2000 Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:server
  • Microsoft Windows 2000 Advanced Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:datacenter_server
  • Microsoft Windows 2000 Professional SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:professional
  • Microsoft Windows 2000 Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:server
  • Microsoft Windows 2000 Advanced Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:datacenter_server
  • Microsoft Windows 2000 Professional SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:professional
  • Microsoft Windows 2000 Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:server
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:-:64-bit
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:-:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:r2:-:64-bit
    cpe:2.3:o:microsoft:windows_2003_server:r2:-:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:r2:-:datacenter_64-bit
    cpe:2.3:o:microsoft:windows_2003_server:r2:-:datacenter_64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:standard:-:64-bit
    cpe:2.3:o:microsoft:windows_2003_server:standard:-:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:web
    cpe:2.3:o:microsoft:windows_2003_server:web
  • Microsoft windows 98_gold
    cpe:2.3:o:microsoft:windows_98:-:gold
  • Microsoft windows 98_se
    cpe:2.3:o:microsoft:windows_98se
  • Microsoft Windows ME
    cpe:2.3:o:microsoft:windows_me
  • cpe:2.3:o:microsoft:windows_xp:-:64-bit
    cpe:2.3:o:microsoft:windows_xp:-:64-bit
  • cpe:2.3:o:microsoft:windows_xp:-:home
    cpe:2.3:o:microsoft:windows_xp:-:home
  • cpe:2.3:o:microsoft:windows_xp:-:media_center
    cpe:2.3:o:microsoft:windows_xp:-:media_center
  • Microsoft Windows XP Professional Gold
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional
  • cpe:2.3:o:microsoft:windows_xp:-:sp1:64-bit
    cpe:2.3:o:microsoft:windows_xp:-:sp1:64-bit
  • Microsoft Windows XP Service Pack 1 Home Edition
    cpe:2.3:o:microsoft:windows_xp:-:sp1:home
  • Microsoft windows xp_sp1 media_center
    cpe:2.3:o:microsoft:windows_xp:-:sp1:media_center
  • Microsoft Windows XP Service Pack 2 Home Edition
    cpe:2.3:o:microsoft:windows_xp:-:sp2:home
  • Microsoft windows xp_sp2 media_center
    cpe:2.3:o:microsoft:windows_xp:-:sp2:media_center
  • Microsoft windows xp_sp2 tablet_pc
    cpe:2.3:o:microsoft:windows_xp:-:sp2:tablet_pc
CVSS
Base: 7.5 (as of 13-05-2005 - 15:58)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Microsoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulnerability. CVE-2005-0053. Remote exploit for windows platform
id EDB-ID:24693
last seen 2016-02-02
modified 2004-10-20
published 2004-10-20
reporter http-equiv
source https://www.exploit-db.com/download/24693/
title Microsoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulnerability
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS05-008.NASL
description The remote version of Windows contains a flaw in the Windows Shell that could allow an attacker to elevate his privileges and/or execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to lure a victim into visiting a malicious website or opening a malicious file attachment.
last seen 2019-02-21
modified 2018-11-15
plugin id 16324
published 2005-02-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=16324
title MS05-008: Vulnerability in Windows Shell (890047)
oval via4
  • accepted 2011-05-16T04:00:11.011-04:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1015
    status accepted
    submitted 2005-09-19T04:00:00.000-04:00
    title WinXP,SP2 Drag-and-Drop Vulnerability
    version 69
  • accepted 2014-02-24T04:00:14.543-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Dan Haynes
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1334
    status accepted
    submitted 2005-03-17T12:00:00.000-04:00
    title IE6 for Server 2003 Drag-and-Drop Vulnerability
    version 69
  • accepted 2011-05-16T04:02:20.658-04:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2046
    status accepted
    submitted 2005-03-31T12:00:00.000-04:00
    title Windows 2000 Drag-and-Drop Vulnerability
    version 68
  • accepted 2014-02-24T04:03:13.962-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Dan Haynes
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2953
    status accepted
    submitted 2005-03-17T12:00:00.000-04:00
    title Windows XP,SP2 IE6.0 Drag-and-Drop Vulnerability
    version 68
  • accepted 2014-02-24T04:03:14.088-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Dan Haynes
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:3006
    status accepted
    submitted 2005-03-17T12:00:00.000-04:00
    title IE5.01,SP3 Drag-and-Drop Vulnerability
    version 69
  • accepted 2007-11-13T12:01:16.481-05:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    description Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:4726
    status accepted
    submitted 2005-03-31T12:00:00.000-04:00
    title Server 2003/64-bit XP Drag-and-Drop Vulnerability
    version 66
  • accepted 2014-02-24T04:03:19.891-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Dan Haynes
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:4864
    status accepted
    submitted 2005-03-17T12:00:00.000-04:00
    title IE5.01,SP4 Drag-and-Drop Vulnerability
    version 69
refmap via4
bid 11466
cert TA05-039A
cert-vn VU#698835
ms
  • MS05-008
  • MS05-014
xf ie-dragdrop-gain-privileges(19117)
Last major update 10-09-2008 - 15:34
Published 02-05-2005 - 00:00
Last modified 12-10-2018 - 17:35
Back to Top