CVE-2005-0056
First published: Mon May 02 2005(Updated: )
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =6-windows_server_2003_sp1 | |
| Internet Explorer | =5.01 | |
| Internet Explorer | =5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- http://www.kb.cert.org/vuls/id/823971
- http://www.securityfocus.com/bid/12427
- http://securitytracker.com/id?1013126
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19137
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014
Frequently Asked Questions
What is the severity of CVE-2005-0056?
CVE-2005-0056 has a medium severity rating as it allows potential information disclosure and arbitrary code execution.
How do I fix CVE-2005-0056?
To fix CVE-2005-0056, users should upgrade to a version of Internet Explorer that is no longer affected by this vulnerability.
What versions of Internet Explorer are affected by CVE-2005-0056?
CVE-2005-0056 affects Internet Explorer versions 5.01, 5.5, and 6.
What types of attacks can be executed through CVE-2005-0056?
CVE-2005-0056 can be exploited to perform remote attacks that may lead to sensitive information disclosure or arbitrary code execution.
Is CVE-2005-0056 still a concern today?
While CVE-2005-0056 is an older vulnerability, systems using the affected versions of Internet Explorer may still be at risk if they are not updated.
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/nvd-historical
- vendor/microsoft
- vendor/ie
- vendor/internet explorer
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6-windows_server_2003_sp1
- canonical/internet explorer
- version/internet explorer/5.01
- version/internet explorer/5.5