Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2005-3477
Last Modified: 05 Sep 2008 04:54:29
Published: 02 Nov 2005 09:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2005-3477

Summary

Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery.

Vulnerable Systems

Application

  • Invision Power Services Invision Gallery 2.0.3


References

BID - 15286

SECUNIA - 17393

FULLDISC - 20051025 Re: [Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.

SREASON - 105


Last Updated: 27 May 2016 10:40:56