{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft Windows 2000 Service Pack 3 & 4 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows XP 64-bit Edition Version 2003 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows XP 64-bit Edition Service Pack 1 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows XP Service Pack 1 & 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 pour syst\u00e8mes Itanium.","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nLe composant ActiveX Dynamic HyperText Markup Language (DHTML) pr\u00e9sente\nune vuln\u00e9rabilit\u00e9 de type cross-domain qui permet \u00e0 un individu mal\nintentionn\u00e9 de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es du\nsyst\u00e8me vuln\u00e9rable ou d'ex\u00e9cuter du code arbitraire avec les privil\u00e8ges\nde la victime, au moyen d'une page ou d'un e-mail malicieusement\ncontruit en HTML.\n\n## Solution\n\nSe r\u00e9ferer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. Documentation).\n","cves":[],"links":[],"reference":"CERTA-2005-AVI-059","revisions":[{"description":"version initiale.","revision_date":"2005-02-10T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"Une vuln\u00e9rabilit\u00e9 d\u00e9couverte dans le composant ActiveX DHTML Help permet\n\u00e0 un utilisateur mal intentionn\u00e9 d'ex\u00e9cuter \u00e0 distance du code\narbitraire sur le syst\u00e8me vuln\u00e9rable ou de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n","title":"Vuln\u00e9rabilit\u00e9 dans le composant ActiveX DHTML","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS05-013 du 08 f\u00e9vrier 2005","url":"http://www.microsoft.com/technet/security/bulletin/MS05-013.mspx"}]}