CVE-2005-0055
First published: Mon May 02 2005(Updated: )
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =6.0-sp1 | |
| Microsoft Internet Explorer | =6.0-sp2 | |
| Internet Explorer | =5.0.1 | |
| Internet Explorer | =5.0.1-sp1 | |
| Internet Explorer | =5.0.1-sp2 | |
| Internet Explorer | =5.0.1-sp3 | |
| Internet Explorer | =5.0.1-sp4 | |
| Internet Explorer | =5.5 | |
| Internet Explorer | =5.5-sp1 | |
| Internet Explorer | =5.5-sp2 | |
| Internet Explorer | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/secunia_research/2004-12/advisory/
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- http://www.kb.cert.org/vuls/id/843771
- http://secunia.com/advisories/11165/
- http://securitytracker.com/id?1013125
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19137
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014
Frequently Asked Questions
What is the severity of CVE-2005-0055?
CVE-2005-0055 is rated as critical due to the potential for remote code execution.
How do I fix CVE-2005-0055?
To fix CVE-2005-0055, users should update Internet Explorer to a patched version provided by Microsoft.
Which versions are affected by CVE-2005-0055?
CVE-2005-0055 affects Internet Explorer versions 5.01, 5.5, and 6.0 including their various service packs.
What kind of attacks are possible with CVE-2005-0055?
CVE-2005-0055 allows remote attackers to execute arbitrary code on the affected systems.
Is CVE-2005-0055 still a threat today?
While CVE-2005-0055 primarily affects outdated versions of Internet Explorer, users still operating these versions may remain vulnerable.
- agent/weakness
- agent/event
- agent/references
- agent/type
- agent/author
- agent/description
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- vendor/ie
- vendor/internet explorer
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6.0-sp1
- version/microsoft internet explorer/6.0-sp2
- canonical/internet explorer
- version/internet explorer/5.0.1
- version/internet explorer/5.0.1-sp1
- version/internet explorer/5.0.1-sp2
- version/internet explorer/5.0.1-sp3
- version/internet explorer/5.0.1-sp4
- version/internet explorer/5.5
- version/internet explorer/5.5-sp1
- version/internet explorer/5.5-sp2
- version/internet explorer/6.0