CVE-2006-0057
Last modified
CVE-2006-0057 is a vulnerability of currently unknown severity. Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.. EPSS estimates a 19.63% chance of exploitation in the next 30 days.
Description
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Ie | 6 | Windows Server 2003 Sp1 |
| Microsoft | Internet Explorer | 5.01 | Sp4 |
| Microsoft | Internet Explorer | 5.5 | Sp2 |
| Microsoft | Internet Explorer | 6 | Sp1 |
References
- http://www.kb.cert.org/vuls/id/998297Third Party Advisory, US Government Resource
- http://www.microsoft.com/technet/security/bulletin/ms05-054.mspxPatch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/998297Third Party Advisory, US Government Resource
- http://www.microsoft.com/technet/security/bulletin/ms05-054.mspxPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-0057?
How severe is CVE-2006-0057?
How do I fix CVE-2006-0057?
Are you affected by CVE-2006-0057?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST