Vulnerability Description
The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 6.0 |
References
- http://marc.info/?l=bugtraq&m=113017003617987&w=2
- http://securityreason.com/securityalert/18
- http://www.computec.ch/download.php?view.683Exploit
- http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746ExploitVendor Advisory
- http://www.securiteam.com/windowsntfocus/6F00B00EBY.htmlVendor Advisory
- http://marc.info/?l=bugtraq&m=113017003617987&w=2
- http://securityreason.com/securityalert/18
- http://www.computec.ch/download.php?view.683Exploit
- http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746ExploitVendor Advisory
- http://www.securiteam.com/windowsntfocus/6F00B00EBY.htmlVendor Advisory
FAQ
What is CVE-2005-3312?
CVE-2005-3312 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and W...
How severe is CVE-2005-3312?
CVE-2005-3312 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3312?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer.