| Vulnerability Name: | CVE-2005-0056 (CCN-19137) | ||||||||||||||||||||||||
| Assigned: | 2005-02-08 | ||||||||||||||||||||||||
| Published: | 2005-02-08 | ||||||||||||||||||||||||
| Updated: | 2021-07-23 | ||||||||||||||||||||||||
| Summary: | Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." | ||||||||||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2005-0055 Source: MITRE Type: CNA CVE-2005-0056 Source: CCN Type: SA11165 Microsoft Internet Explorer Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1013125 Microsoft Internet Explorer DHTML Method Heap Overflow Lets Remote Users Execute Arbitrary Code Source: CCN Type: SECTRACK ID: 1013126 Microsoft Internet Explorer CDF Scripting Error Lets Remote Users Execute Scripting Code in Arbitrary Domains Source: SECTRACK Type: UNKNOWN 1013126 Source: CCN Type: CIAC Information Bulletin P-125 Microsoft Cumulative Security Update for Internet Explorer Source: CCN Type: GreyHats Security Web site External AddChannel Cross Zone Scripting Vulnerability Source: CCN Type: US-CERT VU#823971 Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability Source: CERT-VN Type: Patch, US Government Resource VU#823971 Source: CCN Type: US-CERT VU#843771 Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability Source: CCN Type: Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282) Source: CCN Type: Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923) Source: CCN Type: Microsoft Security Bulletin MS05-025 Cumulative Security Update for Internet Explorer (883939) Source: CCN Type: Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727) Source: CCN Type: Microsoft Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688) Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: BID Type: Exploit, Patch 12427 Source: CCN Type: BID-12427 Microsoft Internet Explorer AddChannel Cross-Zone Scripting Vulnerability Source: CCN Type: BID-12475 Microsoft Internet Explorer DHTML Method Buffer Overflow Vulnerability Source: CERT Type: Patch, US Government Resource TA05-039A Source: MS Type: UNKNOWN MS05-014 Source: XF Type: UNKNOWN ie-cdf-execute-code(19137) Source: XF Type: UNKNOWN ie-cdf-execute-code(19137) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:2385 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:2817 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:3318 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:4085 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:4947 | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||