// For flags

CVE-2005-2829

 

Severity Score

5.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."

Múltiples errores de diseño en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la intervención del usuario ejecutar código de su elección mediante (1) superponiendo y ventana nueva maliciosa a un cuadro de descarga de fichero, y entonces (2) usando un atajo de teclado y demorando la visualización del cuadro de descarga de ficheros hasta que el usuario pulsa un acceso directo que activa el botón "Ejecutar", tcc "Vulnerabilidad de Manipulación de Cuadro de Descarga de Fichero".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-09-07 CVE Reserved
  • 2005-12-14 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (22)
URL Tag Source
http://marc.info/?l=full-disclosure&m=113450519906463&w=2 Mailing List
http://securityreason.com/securityalert/254 Third Party Advisory
http://securitytracker.com/id?1015349 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf X_refsource_confirm
http://www.securityfocus.com/archive/1/419395/100/0/threaded Mailing List
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/23448 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507 Signature
URL Date SRC
URL Date SRC
http://secunia.com/secunia_research/2005-21/advisory 2021-07-23
http://secunia.com/secunia_research/2005-7/advisory 2021-07-23
http://www.securityfocus.com/bid/15823 2021-07-23
URL Date SRC
http://secunia.com/advisories/15368 2021-07-23
http://secunia.com/advisories/18064 2021-07-23
http://secunia.com/advisories/18311 2021-07-23
http://www.vupen.com/english/advisories/2005/2867 2021-07-23
http://www.vupen.com/english/advisories/2005/2909 2021-07-23
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054 2021-07-23
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Ie
Search vendor "Microsoft" for product "Ie"
 6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
sp1
Affected
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 5.0.1
Search vendor "Microsoft" for product "Internet Explorer" and version "5.0.1"
sp4
Affected
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 5.5
Search vendor "Microsoft" for product "Internet Explorer" and version "5.5"
sp2
Affected
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 6.0
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0"
-
Affected