Internet Explorer DHTML object vulnerability

Added: 04/25/2006
CVE: CVE-2005-0553
BID: 13120
OSVDB: 15465

Background

Dynamic HTML (DHTML) allows the creation of interactive web pages.

Problem

Race conditions in various DHTML methods could allow command execution when a specially crafted web page is loaded in Internet Explorer.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-020.

References

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=228

Limitations

A user must load the exploit URL in Internet Explorer in order to run the exploit. Since the vulnerability is a race condition, the exploit may not always succeed.

Platforms

Windows

Back to exploit index