CVE-2005-0053 - Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and dr

CVE-2005-0053

Summary

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*

CVSS

Base:	7.5 (as of 23-07-2021 - 12:55)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2011-05-16T04:00:11.011-04:00

class

vulnerability

contributors

name Matthew Burton
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Matthew Wojcik
organization The MITRE Corporation
name Jeff Cheng
organization Opsware, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

family

windows

oval:org.mitre.oval:def:1015

status

accepted

submitted

2005-09-19T04:00:00.000-04:00

title

WinXP,SP2 Drag-and-Drop Vulnerability

version

accepted

2014-02-24T04:00:14.543-05:00

class

vulnerability

contributors

name Harvey Rubinovitz
organization The MITRE Corporation
name Harvey Rubinovitz
organization The MITRE Corporation
name Harvey Rubinovitz
organization The MITRE Corporation
name Harvey Rubinovitz
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Jeff Cheng
organization Opsware, Inc.
name Dan Haynes
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

family

windows

oval:org.mitre.oval:def:1334

status

accepted

submitted

2005-03-17T12:00:00.000-04:00

title

IE6 for Server 2003 Drag-and-Drop Vulnerability

version

accepted

2011-05-16T04:02:20.658-04:00

class

vulnerability

contributors

name Matthew Burton
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Jeff Cheng
organization Opsware, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

family

windows

oval:org.mitre.oval:def:2046

status

accepted

submitted

2005-03-31T12:00:00.000-04:00

title

Windows 2000 Drag-and-Drop Vulnerability

version

accepted

2014-02-24T04:03:13.962-05:00

class

vulnerability

contributors

name Harvey Rubinovitz
organization The MITRE Corporation
name Harvey Rubinovitz
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Jeff Cheng
organization Opsware, Inc.
name Dan Haynes
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

family

windows

oval:org.mitre.oval:def:2953

status

accepted

submitted

2005-03-17T12:00:00.000-04:00

title

Windows XP,SP2 IE6.0 Drag-and-Drop Vulnerability

version

accepted

2014-02-24T04:03:14.088-05:00

class

vulnerability

contributors

name Harvey Rubinovitz
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Jeff Cheng
organization Opsware, Inc.
name Dan Haynes
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

family

windows

oval:org.mitre.oval:def:3006

status

accepted

submitted

2005-03-17T12:00:00.000-04:00

title

IE5.01,SP3 Drag-and-Drop Vulnerability

version

accepted

2007-11-13T12:01:16.481-05:00

class

vulnerability

contributors

name Matthew Burton
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Jeff Cheng
organization Opsware, Inc.

description

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

family

windows

oval:org.mitre.oval:def:4726

status

accepted

submitted

2005-03-31T12:00:00.000-04:00

title

Server 2003/64-bit XP Drag-and-Drop Vulnerability

version

accepted

2014-02-24T04:03:19.891-05:00

class

vulnerability

contributors

name Harvey Rubinovitz
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Jeff Cheng
organization Opsware, Inc.
name Dan Haynes
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

family

windows

oval:org.mitre.oval:def:4864

status

accepted

submitted

2005-03-17T12:00:00.000-04:00

title

IE5.01,SP4 Drag-and-Drop Vulnerability

version

refmap via4

bid	11466
cert	TA05-039A
cert-vn	VU#698835
xf	ie-dragdrop-gain-privileges(19117)

Last major update

23-07-2021 - 12:55

Published

02-05-2005 - 04:00

Last modified

23-07-2021 - 12:55