ID CVE-2005-0554
Summary Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2014-02-24T04:00:10.022-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1196
    status accepted
    submitted 2005-05-10T12:00:00.000-04:00
    title URL Parsing Memory Corruption Vulnerability (IE5.01,SP3)
    version 66
  • accepted 2014-02-24T04:03:11.830-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2253
    status accepted
    submitted 2005-05-10T12:00:00.000-04:00
    title URL Parsing Memory Corruption Vulnerability (IE5.01,SP4)
    version 66
  • accepted 2014-02-24T04:03:13.097-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Maria Mikhno
      organization ALTX-SOFT
    description Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2559
    status accepted
    submitted 2005-05-10T12:00:00.000-04:00
    title URL Parsing Memory Corruption Vulnerability (IE6 for Server 2003)
    version 67
  • accepted 2014-02-24T04:03:17.037-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Maria Mikhno
      organization ALTX-SOFT
    description Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:3817
    status accepted
    submitted 2005-05-10T12:00:00.000-04:00
    title URL Parsing Memory Corruption Vulnerability (IE6 for XP,SP2)
    version 66
  • accepted 2014-02-24T04:03:27.309-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Jason Spashett
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:789
    status accepted
    submitted 2005-05-10T12:00:00.000-04:00
    title URL Parsing Memory Corruption Vulnerability (IE6,SP1)
    version 67
refmap via4
cert TA05-102A
cert-vn VU#756122
idefense 20050412 Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability
ms MS05-020
secunia 14922
Last major update 12-10-2018 - 21:36
Published 02-05-2005 - 04:00
Back to Top