Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0054

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-0054
Last Modified 10 Sep 2008 03:34:50
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-0054

Summary

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 5.5

  • Microsoft Ie 6


References

CERT - TA05-039A

CERT-VN - VU#580299

MS - MS05-014

BUGTRAQ - 20050209 Internet Explorer zone spoofing with encoded URLs

XF - ie-file-url-encode(19214)


Last Updated: 27 May 2016 10:39:38