CVE-2005-2829 — Microsoft IE vulnerability

3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

20.0%

top 4.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedDec 14

Latest updateMay 1

Description

Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer5.0.1, 5.5, 6.0+2

▶NVDmicrosoft/ie6.0

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-prm3-f265-2p7w: Multiple design errors in Microsoft Internet Explorer 5↗2022-05-01

▶

CVEList

CVE-2005-2829: Multiple design errors in Microsoft Internet Explorer 5↗2005-12-14

▶