| Vulnerability Name: | CVE-2006-0057 (CCN-24379) | ||||||||
| Assigned: | 2006-01-26 | ||||||||
| Published: | 2006-01-26 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. Note: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-0057 Source: CCN Type: Microsoft Knowledge Base Article 240797 How to stop an ActiveX control from running in Internet Explorer Source: CCN Type: US-CERT VU#998297 Microsoft Internet Explorer does not honor ActiveX kill bit Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#998297 Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: MISC Type: Patch, Vendor Advisory http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: OSVDB Type: UNKNOWN 23657 Source: CCN Type: OSVDB ID: 23657 Microsoft IE ActiveX Killbit Setting Bypass Source: BID Type: UNKNOWN 16409 Source: CCN Type: BID-16409 Microsoft Internet Explorer ActiveX Control Kill Bit Bypass Vulnerability Source: XF Type: UNKNOWN ie-activex-killbit-bypass(24379) Source: XF Type: UNKNOWN ie-activex-killbit-bypass(24379) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||