CVE-2005-2127

Description

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155

https://exchange.xforce.ibmcloud.com/vulnerabilities/34754

https://exchange.xforce.ibmcloud.com/vulnerabilities/21895

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052

http://www.us-cert.gov/cas/techalerts/TA06-220A.html

http://www.us-cert.gov/cas/techalerts/TA05-347A.html

http://www.us-cert.gov/cas/techalerts/TA05-284A.html

http://www.securityfocus.com/bid/15061

http://www.securityfocus.com/archive/1/470690/100/0/threaded

http://www.microsoft.com/technet/security/advisory/906267.mspx

http://www.kb.cert.org/vuls/id/959049

http://www.kb.cert.org/vuls/id/898241

http://www.kb.cert.org/vuls/id/740372

http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf

http://securityreason.com/securityalert/72

http://secunia.com/advisories/17509

http://secunia.com/advisories/17223

http://secunia.com/advisories/17172

http://secunia.com/advisories/16480

http://isc.sans.org/diary.php?date=2005-08-18

Details

Source: Mitre, NVD

Published: 2005-08-19

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High