Vulnerability Name: | CVE-2005-1790 (CCN-20783) | ||||||||||||||||||||||||||||
Assigned: | 2005-05-31 | ||||||||||||||||||||||||||||
Published: | 2005-05-31 | ||||||||||||||||||||||||||||
Updated: | 2021-07-23 | ||||||||||||||||||||||||||||
Summary: | Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability." | ||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||||||||||||||||||||||
CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.1 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
4.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
| ||||||||||||||||||||||||||||
Vulnerability Type: | CWE-399 | ||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2005-1790 Source: MITRE Type: CNA CVE-2005-3896 Source: MITRE Type: CNA CVE-2005-3897 Source: BUGTRAQ Type: UNKNOWN 20050528 Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005) Source: BUGTRAQ Type: UNKNOWN 20050530 Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005) Source: CCN Type: BugTraq Mailing List, 2005-11-23 5:23:05 Re: IE BUG, Mozilla DOS? Source: CCN Type: SA15368 Microsoft Internet Explorer Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 15368 Source: CCN Type: SA15546 Microsoft Internet Explorer "window()" Arbitrary Code Execution Vulnerability Source: SECUNIA Type: Vendor Advisory 15546 Source: CCN Type: SA18064 Avaya Products Microsoft Windows Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 18064 Source: CCN Type: SA18311 Nortel Centrex IP Client Manager Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 18311 Source: CCN Type: SECTRACK ID: 1015251 Microsoft Internet Explorer Bug in Processing Mismatched Document Object Model Objects May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015251 Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf Source: MISC Type: UNKNOWN http://www.computerterrorism.com/research/ie/ct21-11-2005 Source: CCN Type: US-CERT VU#887861 Microsoft Internet Explorer vulnerable to code execution via mismatched DOM objects Source: CERT-VN Type: US Government Resource VU#887861 Source: CCN Type: Microsoft Security Advisory (911302) Vulnerability in the way Internet Explorer Handles onLoad Events Could Allow Remote Code Execution Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: CCN Type: Microsoft Internet Explorer Web page Internet Explorer Home Source: CCN Type: OSVDB ID: 22268 Mozilla Firefox Javascript BODY Onload Event window() Function DoS Source: CCN Type: OSVDB ID: 79172 Apple Safari Javascript BODY Onload Event window() Function DoS Source: BUGTRAQ Type: UNKNOWN 20051121 Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability Source: BID Type: UNKNOWN 13799 Source: CCN Type: BID-13799 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability Source: CERT Type: US Government Resource TA05-347A Source: VUPEN Type: Vendor Advisory ADV-2005-2509 Source: VUPEN Type: Vendor Advisory ADV-2005-2867 Source: VUPEN Type: Vendor Advisory ADV-2005-2909 Source: MISC Type: UNKNOWN http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 Source: CCN Type: Internet Security Systems Protection Alert, November 22, 2005 Internet Explorer Javascript Window() Remote Code Execution Source: MS Type: UNKNOWN MS05-054 Source: XF Type: UNKNOWN javascript-window-code-execution(20783) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1091 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1299 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1303 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1489 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1508 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:722 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [01-15-2012] | ||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
BACK |