CVE-2005-0054 Information

Description

Internet Explorer 5.01 5.5 and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded which are decoded twice to generate a malicious hostname aka the \URL Decoding Zone Spoofing Vulnerability.\

Reference

http://marc.info/?l=bugtraq&m=110796851002781&w=2 http://www.kb.cert.org/vuls/id/580299 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/19214 ie-file-url-encode(19214) https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1308 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1736 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3060 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3196 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3586