Lucene search

[email protected]CVE-2005-0360

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-0360

2022-10-0316:22:52

[email protected]

web.nvd.nist.gov

cve-2005-0360

microsoft

log sink class

activex control

pkmcore.dll

safe for scripting

internet explorer

remote attackers

file manipulation

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.293 Low

EPSS

Percentile

96.9%

JSON

The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as “safe for scripting” for Internet Explorer, which allows remote attackers to create or append to arbitrary files.

Affected configurations

NVD

Node

microsoftlog_sink_class_activex_control

CPENameOperatorVersion
microsoft:log_sink_class_activex_controlmicrosoft log sink class activex controleq*

CPE	Name	Operator	Version
microsoft:log_sink_class_activex_control	microsoft log sink class activex control	eq	*

References

www.kb.cert.org/vuls/id/165022

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.293 Low

EPSS

Percentile

96.9%

JSON

Related for CVE-2005-0360

cvelist1 nvd1 cert1