CVE-2006-0057

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.

Published: Jan 27, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0057
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	6-sp1	6-sp1.x
microsoft / internet_explorer	5.01-sp4	5.01-sp4.x
microsoft / ie	6-windows_server_2003_sp1	6-windows_server_2003_sp1.x
microsoft / internet_explorer	5.5-sp2	5.5-sp2.x

http://www.kb.cert.org/vuls/id/998297
http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx
http://www.osvdb.org/23657
http://www.securityfocus.com/bid/16409
https://exchange.xforce.ibmcloud.com/vulnerabilities/24379

Vulnerability Database

290,300

CVE-2006-0057