Oval Definition:oval:org.mitre.oval:def:4985
Revision Date:2014-02-24Version:44
Title:DHTML Object Memory Corruption Vulnerability (IE5.01,SP4)
Description:Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-0553
Platform(s):Microsoft Windows 2000
Product(s):Microsoft Internet Explorer
Definition Synopsis
  • Software section
  • Internet Explorer 5.01 Service Pack 4 is installed
  • AND the version of mshtml.dll is less than 5.0.3826.2400
  • AND NOT the patch kb890923 is installed (Win2K SP4 Hotfix key)
  • AND Configuration section
  • ActiveX controls and active scripting are enabled
  • current user settings are being used and ActiveX controls and active scripting are enabled
  • NOT use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the current user
  • AND active scripting is enabled for the current user
  • OR local machine settings are being used and ActiveX controls and active scripting are enabled
  • use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the local machine
  • AND active scripting is enabled for the local machine
    • BACK