VUPEN Security - Microsoft Internet Explorer "window()" Code Execution Vulnerability / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Microsoft Internet Explorer "window()" Code Execution Vulnerability

Title : Microsoft Internet Explorer "window()" Code Execution Vulnerability
VUPEN ID : VUPEN/ADV-2005-2509
CVE ID : CVE-2005-1790
CWE ID : CWE-OVAL722 - CWE-OVAL1091 - CWE-OVAL1299 - CWE-OVAL1303 - CWE-OVAL1489 - CWE-OVAL1508
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-11-21

Technical Description

Apply patches :
http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx

References

http://www.vupen.com/english/advisories/2005/2509
http://www.frsirt.com/english/reference/1111
http://www.microsoft.com/technet/security/advisory/911302.mspx
http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx

Credits

Vulnerability originally reported by Benjamin Tobias Franz and exploited by Stuart Pearson

ChangeLog

2005-11-21 : Initial release
2005-11-21 : Updated References
2005-12-13 : Updated Solution

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Latest News

>> 2009-06-10