Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-2127

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."

Published

2005-08-19T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ati	catalyst_driver	*	Yes
Application	microsoft	.net_framework	1.1	Yes
Application	microsoft	.net_framework	1.1	Yes
Application	microsoft	.net_framework	1.1	Yes
Application	microsoft	.net_framework	1.1	Yes
Application	microsoft	office	*	Yes
Application	microsoft	office	2000	Yes
Application	microsoft	office	2000	Yes
Application	microsoft	office	2000	Yes
Application	microsoft	office	2000	Yes
Application	microsoft	office	2000	Yes
Application	microsoft	office	2000	Yes
Application	microsoft	office	2000	Yes
Application	microsoft	office	xp	Yes
Application	microsoft	office	xp	Yes
Application	microsoft	office	xp	Yes
Application	microsoft	project	98	Yes
Application	microsoft	project	2000	Yes
Application	microsoft	project	2002	Yes
Application	microsoft	project	2002	Yes
Application	microsoft	project	2003	Yes
Application	microsoft	project	2003	Yes
Application	microsoft	visio	2000	Yes
Application	microsoft	visio	2002	Yes
Application	microsoft	visio	2002	Yes
Application	microsoft	visio	2002	Yes
Application	microsoft	visio	2002	Yes
Application	microsoft	visio	2002	Yes
Application	microsoft	visio	2002	Yes
Application	microsoft	visio	2003	Yes
Application	microsoft	visio	2003	Yes
Application	microsoft	visio	2003	Yes
Application	microsoft	visio	2003	Yes
Application	microsoft	visual_studio_.net	2002	Yes
Application	microsoft	visual_studio_.net	2003	Yes
Application	microsoft	visual_studio_.net	2003	Yes
Application	microsoft	visual_studio_.net	gold	Yes
Application	microsoft	visual_studio_.net	gold	Yes
Application	microsoft	visual_studio_.net	gold	Yes
Application	microsoft	visual_studio_.net	gold	Yes
Application	microsoft	visual_studio_.net	gold	Yes

References

http://isc.sans.org/diary.php?date=2005-08-18 Third Party Advisory ([email protected])
http://secunia.com/advisories/16480 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/17172 Permissions Required, Third Party Advisory ([email protected])
http://secunia.com/advisories/17223 Permissions Required, Third Party Advisory ([email protected])
http://secunia.com/advisories/17509 Permissions Required, Third Party Advisory ([email protected])
http://securityreason.com/securityalert/72 Third Party Advisory ([email protected])
http://securitytracker.com/id?1014727 Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf Third Party Advisory ([email protected])
http://www.kb.cert.org/vuls/id/740372 Third Party Advisory, US Government Resource ([email protected])
http://www.kb.cert.org/vuls/id/898241 Third Party Advisory, US Government Resource ([email protected])
http://www.kb.cert.org/vuls/id/959049 Third Party Advisory, US Government Resource ([email protected])
http://www.microsoft.com/technet/security/advisory/906267.mspx Mitigation, Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/470690/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/14594 Exploit, Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/15061 Third Party Advisory, VDB Entry ([email protected])
http://www.us-cert.gov/cas/techalerts/TA05-284A.html Third Party Advisory, US Government Resource ([email protected])
http://www.us-cert.gov/cas/techalerts/TA05-347A.html Third Party Advisory, US Government Resource ([email protected])
http://www.us-cert.gov/cas/techalerts/TA06-220A.html Third Party Advisory, US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2005/1450 Broken Link ([email protected])
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/21895 VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/34754 VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538 ([email protected])
http://isc.sans.org/diary.php?date=2005-08-18 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/16480 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17172 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17223 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17509 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/72 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1014727 Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/740372 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/898241 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/959049 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.microsoft.com/technet/security/advisory/906267.mspx Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/470690/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/14594 Exploit, Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/15061 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA05-284A.html Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA05-347A.html Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA06-220A.html Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2005/1450 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21895 VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34754 VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538 (af854a3a-2127-422b-91ae-364da2661108)