4

CVE-2005-3975

Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Drupal.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version4.5.0
DrupalDrupal Version4.5.1
DrupalDrupal Version4.5.2
DrupalDrupal Version4.5.3
DrupalDrupal Version4.5.4
DrupalDrupal Version4.5.5
DrupalDrupal Version4.6.0
DrupalDrupal Version4.6.1
DrupalDrupal Version4.6.2
DrupalDrupal Version4.6.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.82% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/17824
Patch
Vendor Advisory
http://secunia.com/advisories/18630
http://www.debian.org/security/2006/dsa-958
http://www.vupen.com/english/advisories/2005/2684
http://drupal.org/files/sa-2005-008/4.6.3.patch
http://drupal.org/files/sa-2005-008/advisory.txt
Patch
Vendor Advisory
http://securityreason.com/securityalert/220
http://www.securityfocus.com/archive/1/418291/100/0/threaded
http://www.securityfocus.com/bid/15663
Patch