CVE-2005-0054 — Microsoft Internet Explorer vulnerability

3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

35.1%

top 2.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedMay 2

Latest updateMay 1

Description

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer5.01, 5.5+1

▶NVDmicrosoft/ie6

Patches

Patch: www.kb.cert.org ↗Patch: www.us-cert.gov ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-xx2h-39g7-5x2c: Internet Explorer 5↗2022-05-01

▶

CVEList

CVE-2005-0054: Internet Explorer 5↗2005-02-08

▶