CERTA-2005-AVI-059
Vulnerability from certfr_avis - Published: 2005-02-10 - Updated: 2005-02-10
A vulnerability discovered in the DHTML Help ActiveX component allows a malicious user to remotely execute arbitrary code on the vulnerable system or to compromise the confidentiality of data.
Description
The Dynamic HyperText Markup Language (DHTML) ActiveX component has a cross-domain vulnerability that allows a malicious individual to compromise the confidentiality of data on the vulnerable system or to execute arbitrary code with the victim's privileges, by means of a maliciously crafted HTML page or e-mail.
Solution
Refer to the vendor's security bulletin to obtain the patches (see Documentation).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Microsoft | Windows | Microsoft Windows 2000 Service Pack 3 & 4 |
| Microsoft | Windows | Microsoft Windows Server 2003 |
| Microsoft | Windows | Microsoft Windows XP 64-bit Edition Version 2003 |
| Microsoft | Windows | Microsoft Windows XP 64-bit Edition Service Pack 1 |
| Microsoft | Windows | Microsoft Windows XP Service Pack 1 & 2 |
| Microsoft | Windows | Microsoft Windows Server 2003 for Itanium-based systems |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Windows 2000 Service Pack 3 \u0026 4 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows Server 2003 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP 64-bit Edition Version 2003 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP 64-bit Edition Service Pack 1 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP Service Pack 1 \u0026 2 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows Server 2003 pour syst\u00e8mes Itanium.",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLe composant ActiveX Dynamic HyperText Markup Language (DHTML) pr\u00e9sente\nune vuln\u00e9rabilit\u00e9 de type cross-domain qui permet \u00e0 un individu mal\nintentionn\u00e9 de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es du\nsyst\u00e8me vuln\u00e9rable ou d\u0027ex\u00e9cuter du code arbitraire avec les privil\u00e8ges\nde la victime, au moyen d\u0027une page ou d\u0027un e-mail malicieusement\ncontruit en HTML.\n\n## Solution\n\nSe r\u00e9ferer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. Documentation).\n",
"cves": [],
"initial_release_date": "2005-02-10T00:00:00",
"last_revision_date": "2005-02-10T00:00:00",
"links": [],
"reference": "CERTA-2005-AVI-059",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 d\u00e9couverte dans le composant ActiveX DHTML Help permet\n\u00e0 un utilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter \u00e0 distance du code\narbitraire sur le syst\u00e8me vuln\u00e9rable ou de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans le composant ActiveX DHTML",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS05-013 du 08 f\u00e9vrier 2005",
"url": "http://www.microsoft.com/technet/security/bulletin/MS05-013.mspx"
}
]
}