New Search

IE6SP1 DHTML Method Heap Memory Corruption Vulnerability

oval:org.mitre.oval:def:1005

Internet Explorer 5.01 5.5 and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function which allows remote attackers to execute arbitrary code aka the "DHTML Method Heap Memory Corruption Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2005-0055
Product(s):
  • Microsoft Internet Explorer