CVE-2005-3312

Published: Oct 26, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.

Affected (1)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6.0

References (10)

http://marc.info/?l=bugtraq&m=113017003617987&w=2

Source: cve@mitre.org

http://securityreason.com/securityalert/18

Source: cve@mitre.org

http://www.computec.ch/download.php?view.683

Source: cve@mitre.org

Exploit

http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securiteam.com/windowsntfocus/6F00B00EBY.html

Source: cve@mitre.org

Vendor Advisory

http://marc.info/?l=bugtraq&m=113017003617987&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/18

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.computec.ch/download.php?view.683

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.securiteam.com/windowsntfocus/6F00B00EBY.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.