VDB
CVE-2005-0054
CVE-2005-0054
PUBLISHED
CVSS 5.099999904632568 MEDIUM
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
EPSS 35.14% · 97.1th percentile
Risk Scores
CVSS 2.0
5.099999904632568
EPSS Score
35.14%
97.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | ie | 6 |
| n/a | n/a | n/a |
| microsoft | internet_explorer | 5.01, 5.5 |
Timeline
- Feb 8, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 31, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- oval:org.mitre.oval:def:3196 vdb
- ie-file-url-encode(19214) vdb
- MS05-014 vendor-advisory
- TA05-039A third-party-advisory
- oval:org.mitre.oval:def:3060 vdb
- oval:org.mitre.oval:def:1736 vdb
- 20050209 Internet Explorer zone spoofing with encoded URLs mailing-list
- oval:org.mitre.oval:def:3586 vdb
- oval:org.mitre.oval:def:1308 vdb
- VU#580299 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2005-0054 advisory