Secunia CSI 5.0
Products
Solutions
Customers
Partner
Resources
Company
Careers
Community

CVE Reference: CVE-2005-2127
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-2127

Description:
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/21895
  http://xforce.iss.net/xforce/xfdb/34754

VULNWATCH

ST
  1014727

SREASON
  http://securityreason.com/securityalert/72

SAID
  Secunia Advisory: SA16480
  Secunia Advisory: SA17172
  Secunia Advisory: SA17223
  Secunia Advisory: SA17509

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1538
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1535
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1468
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1464
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1454
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1155

MS
  http://www.microsoft.com/technet/security/bulletin/ms05-052.mspx

MISC
  http://isc.sans.org/diary.php?date=2005-08-18
  http://www.microsoft.com/technet/security/advisory/906267.mspx

CONFIRM
  http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf

CERT-VN
  898241
  959049
  740372

CERT
  http://www.us-cert.gov/cas/techalerts/TA06-220A.html
  http://www.us-cert.gov/cas/techalerts/TA05-347A.html
  http://www.us-cert.gov/cas/techalerts/TA05-284A.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/470690/100/0/threaded

BID
  15061
  14594


Return to the previous page.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports & Papers
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2012 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability