CVE-2005-0554
published 2005-05-02CVE-2005-0554: Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
57.91%
99.0th percentile
Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit triggers via JavaScript DHTML object manipulation — monitor for suspicious window.open() combined with document.appendChild() calls in IE browser contexts ↗
- →Exploit variant using createElement and cross-window appendChild/removeChild manipulation ↗
- →Exploit variant attempting to append the document object itself to a new window's document ↗
- →Exploit variant appending document.all[0] across window boundaries — indicative of DHTML object handling abuse in IE ↗
- ·Vulnerability affects Microsoft Internet Explorer versions 5.01, 5.5, and 6 only; described as a URL parsing memory corruption issue but the available exploit targets DHTML object handling (MS05-020), not a long-hostname URL directly ↗
- ·The exploit-db proof-of-concept is labeled MS05-020 (DHTML Object Handling), which may be a mislabeled or related but distinct exploit from the URL parsing issue described in CVE-2005-0554; treat attribution with caution ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/14922/http://www.idefense.com/application/poi/display?id=229&type=vulnerabilitieshttp://www.kb.cert.org/vuls/id/756122http://www.us-cert.gov/cas/techalerts/TA05-102A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1196https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2253https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2559https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3817https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A789http://secunia.com/advisories/14922/http://www.idefense.com/application/poi/display?id=229&type=vulnerabilitieshttp://www.kb.cert.org/vuls/id/756122http://www.us-cert.gov/cas/techalerts/TA05-102A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1196https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2253https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2559https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3817https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A789
2005-05-02
Published