ID CVE-2005-0553
Summary Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2014-02-24T04:00:22.025-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Maria Mikhno
      organization ALTX-SOFT
    description Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
    family windows
    id oval:org.mitre.oval:def:1695
    status accepted
    submitted 2005-05-10T12:00:00.000-04:00
    title DHTML Object Memory Corruption Vulnerability (IE6 for XP,SP2)
    version 67
  • accepted 2014-02-24T04:03:14.323-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Maria Mikhno
      organization ALTX-SOFT
    description Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
    family windows
    id oval:org.mitre.oval:def:3100
    status accepted
    submitted 2005-05-10T12:00:00.000-04:00
    title DHTML Object Memory Corruption Vulnerability (IE6 for Server 2003)
    version 68
  • accepted 2014-02-24T04:03:16.864-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Jason Spashett
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
    family windows
    id oval:org.mitre.oval:def:3752
    status accepted
    submitted 2005-05-10T12:00:00.000-04:00
    title DHTML Object Memory Corruption Vulnerability (IE6,SP1)
    version 68
  • accepted 2014-02-24T04:03:19.990-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
    family windows
    id oval:org.mitre.oval:def:4874
    status accepted
    submitted 2005-05-10T12:00:00.000-04:00
    title DHTML Object Memory Corruption Vulnerability (IE5.01,SP3)
    version 67
  • accepted 2014-02-24T04:03:20.603-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
    family windows
    id oval:org.mitre.oval:def:4985
    status accepted
    submitted 2005-05-10T12:00:00.000-04:00
    title DHTML Object Memory Corruption Vulnerability (IE5.01,SP4)
    version 67
refmap via4
cert TA05-102A
cert-vn VU#774338
idefense 20050412 Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability
secunia 14922
xf ie-dhtml-bo(19831)
saint via4
bid 13120
description Internet Explorer DHTML object vulnerability
id win_patch_ie_url
osvdb 15465
title ie_dhtml_object
type client
Last major update 12-10-2018 - 21:36
Published 02-05-2005 - 04:00
Last modified 12-10-2018 - 21:36
Back to Top