Lucene search

[email protected]CVE-2005-3312

HistoryOct 26, 2005 - 10:02 a.m.

CVE-2005-3312

2005-10-2610:02:00

[email protected]

web.nvd.nist.gov

microsoft

internet explorer

xss

vulnerability

html

remote attackers

cross-site scripting

web server

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.823 High

EPSS

Percentile

98.4%

JSON

The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.

Affected configurations

NVD

Node

microsoftinternet_explorerMatch6.0

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq6.0

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	6.0

References

marc.info/?l=bugtraq&m=113017003617987&w=2

securityreason.com/securityalert/18

www.computec.ch/download.php?view.683

www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746

www.securiteam.com/windowsntfocus/6F00B00EBY.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.823 High

EPSS

Percentile

98.4%

JSON

Related for CVE-2005-3312

nvd5 cvelist5 cve4 ubuntucve2