{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the \"Run\" button, aka \"File Download Dialog Box Manipulation Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "18064", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18064"}, {"name": "oval:org.mitre.oval:def:1340", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340"}, {"name": "oval:org.mitre.oval:def:1458", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458"}, {"name": "oval:org.mitre.oval:def:1209", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209"}, {"name": "15823", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15823"}, {"name": "MS05-054", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"}, {"name": "20051213 Secunia Research: Internet Explorer Suppressed \"Download Dialog\"Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"}, {"name": "15368", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/15368"}, {"name": "ADV-2005-2909", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2909"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2005-7/advisory/"}, {"name": "oval:org.mitre.oval:def:1507", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507"}, {"name": "1015349", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015349"}, {"name": "18311", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18311"}, {"name": "oval:org.mitre.oval:def:1490", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490"}, {"name": "ADV-2005-2867", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2867"}, {"name": "ie-dialog-box-code-execution(23448)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448"}, {"name": "20051213 Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=113450519906463&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2005-21/advisory"}, {"tags": ["x_refsource_MISC"], "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420"}, {"name": "oval:org.mitre.oval:def:1505", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505"}, {"name": "254", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/254"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-2829", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the \"Run\" button, aka \"File Download Dialog Box Manipulation Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "18064", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18064"}, {"name": "oval:org.mitre.oval:def:1340", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340"}, {"name": "oval:org.mitre.oval:def:1458", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458"}, {"name": "oval:org.mitre.oval:def:1209", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209"}, {"name": "15823", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15823"}, {"name": "MS05-054", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"}, {"name": "20051213 Secunia Research: Internet Explorer Suppressed \"Download Dialog\"Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"}, {"name": "15368", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15368"}, {"name": "ADV-2005-2909", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2909"}, {"name": "http://secunia.com/secunia_research/2005-7/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-7/advisory/"}, {"name": "oval:org.mitre.oval:def:1507", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507"}, {"name": "1015349", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015349"}, {"name": "18311", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18311"}, {"name": "oval:org.mitre.oval:def:1490", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490"}, {"name": "ADV-2005-2867", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2867"}, {"name": "ie-dialog-box-code-execution(23448)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448"}, {"name": "20051213 Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=113450519906463&w=2"}, {"name": "http://secunia.com/secunia_research/2005-21/advisory", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-21/advisory"}, {"name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420", "refsource": "MISC", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420"}, {"name": "oval:org.mitre.oval:def:1505", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505"}, {"name": "254", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/254"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-2829", "datePublished": "2005-12-14T11:00:00", "dateReserved": "2005-09-07T00:00:00", "dateUpdated": "2018-10-19T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the \"Run\" button, aka \"File Download Dialog Box Manipulation Vulnerability.\""}, {"lang": "es", "value": "M\u00faltiples errores de dise\u00f1o en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) superponiendo y ventana nueva maliciosa a un cuadro de descarga de fichero, y entonces (2) usando un atajo de teclado y demorando la visualizaci\u00f3n del cuadro de descarga de ficheros hasta que el usuario pulsa un acceso directo que activa el bot\u00f3n \"Ejecutar\", tcc \"Vulnerabilidad de Manipulaci\u00f3n de Cuadro de Descarga de Fichero\".\r\n"}], "id": "CVE-2005-2829", "lastModified": "2021-07-23T12:55:03.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2005-12-14T11:03:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://marc.info/?l=full-disclosure&m=113450519906463&w=2"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/15368"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18064"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18311"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/secunia_research/2005-21/advisory"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/secunia_research/2005-7/advisory/"}, {"source": "secure@microsoft.com", "url": "http://securityreason.com/securityalert/254"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015349"}, {"source": "secure@microsoft.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/15823"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2867"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2909"}, {"source": "secure@microsoft.com", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}