CVE-2005-0056 - Unsaleable You

Description

Internet Explorer 5.01 5.5 and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files which allows remote attackers to obtain sensitive information or execute arbitrary code aka the \Channel Definition Format (CDF) Cross Domain Vulnerability.\

Reference

http://www.us-cert.gov/cas/techalerts/TA05-039A.html http://www.kb.cert.org/vuls/id/823971 http://www.securityfocus.com/bid/12427 http://securitytracker.com/id?1013126 https://exchange.xforce.ibmcloud.com/vulnerabilities/19137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014