Vulnerability Name:

CVE-2005-0553 (CCN-19831)

Assigned:2005-04-12
Published:2005-04-12
Updated:2021-07-23
Summary:Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-0553

Source: CCN
Type: SA14922
Microsoft Internet Explorer Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
14922

Source: CCN
Type: CIAC INFORMATION BULLETIN P-173
Cumulative Security Update for Internet Explorer (890923)

Source: IDEFENSE
Type: Patch, Vendor Advisory
20050412 Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability

Source: CCN
Type: US-CERT VU#774338
Microsoft Internet Explorer DHTML objects contain a race condition

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#774338

Source: CCN
Type: Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer (890923)

Source: CCN
Type: Microsoft Security Bulletin MS05-025
Cumulative Security Update for Internet Explorer (883939)

Source: CCN
Type: Microsoft Security Bulletin MS05-038
Cumulative Security Update for Internet Explorer (896727)

Source: CCN
Type: Microsoft Security Bulletin MS05-052
Cumulative Security Update for Internet Explorer (896688)

Source: CCN
Type: Microsoft Security Bulletin MS05-054
Cumulative Security Update for Internet Explorer (905915)

Source: CCN
Type: Microsoft Security Bulletin MS06-004
Cumulative Security Update for Internet Explorer (910620)

Source: CCN
Type: Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer (912812)

Source: CCN
Type: Microsoft Security Bulletin MS06-021
Cumulative Security Update for Internet Explorer (916281)

Source: CCN
Type: Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)

Source: CCN
Type: Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer (922760)

Source: CCN
Type: Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)

Source: CCN
Type: Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: CCN
Type: BID-13120
Microsoft Internet Explorer DHTML Object Race Condition Memory Corruption Vulnerability

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
TA05-102A

Source: MS
Type: UNKNOWN
MS05-020

Source: XF
Type: UNKNOWN
ie-dhtml-bo(19831)

Source: XF
Type: UNKNOWN
ie-dhtml-bo(19831)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1695

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3100

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3752

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4874

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4985

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000::sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:::itanium:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1695
    V
    DHTML Object Memory Corruption Vulnerability (IE6 for XP,SP2)
    2014-02-24
    oval:org.mitre.oval:def:4985
    V
    DHTML Object Memory Corruption Vulnerability (IE5.01,SP4)
    2014-02-24
    oval:org.mitre.oval:def:3100
    V
    DHTML Object Memory Corruption Vulnerability (IE6 for Server 2003)
    2014-02-24
    oval:org.mitre.oval:def:3752
    V
    DHTML Object Memory Corruption Vulnerability (IE6,SP1)
    2014-02-24
    oval:org.mitre.oval:def:4874
    V
    DHTML Object Memory Corruption Vulnerability (IE5.01,SP3)
    2014-02-24
    BACK
    microsoft internet explorer 5.01 sp4
    microsoft internet explorer 6.0
    microsoft ie 6.0 sp1
    microsoft internet explorer 5.01 sp3
    microsoft internet explorer 5.5 sp2
    microsoft internet explorer 6.0
    microsoft internet explorer 5.5 sp2
    microsoft ie 6.0 sp1
    microsoft internet explorer 5.01 sp3
    microsoft internet explorer 5.01 sp4
    microsoft windows 2000 sp3
    microsoft windows xp sp1
    microsoft windows 2000 sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003 server