Vulnerability CVE-2005-0053

Vulnerability Name:

CVE-2005-0053 (CCN-19117)

Assigned:

2005-02-08

Published:

2005-02-08

Updated:

2021-07-23

Summary:

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp2:*:*:*:*:*:*

Configuration 2:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:x64:*

AND

cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:3006	V	IE5.01,SP3 Drag-and-Drop Vulnerability	2014-02-24
oval:org.mitre.oval:def:1334	V	IE6 for Server 2003 Drag-and-Drop Vulnerability	2014-02-24
oval:org.mitre.oval:def:4864	V	IE5.01,SP4 Drag-and-Drop Vulnerability	2014-02-24
oval:org.mitre.oval:def:2953	V	Windows XP,SP2 IE6.0 Drag-and-Drop Vulnerability	2014-02-24
oval:org.mitre.oval:def:1015	V	WinXP,SP2 Drag-and-Drop Vulnerability	2011-05-16
oval:org.mitre.oval:def:2046	V	Windows 2000 Drag-and-Drop Vulnerability	2011-05-16
oval:org.mitre.oval:def:4726	V	Server 2003/64-bit XP Drag-and-Drop Vulnerability	2007-11-13

BACK