7.5
CVE-2005-2127
- EPSS 63.67%
- Veröffentlicht 19.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:19
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ .Net Framework Version1.1
Microsoft ≫ .Net Framework Version1.1 Updatesp1
Microsoft ≫ .Net Framework Version1.1 Updatesp2
Microsoft ≫ .Net Framework Version1.1 Updatesp3
Microsoft ≫ Visual Studio .Net Version2002 Updategold
Microsoft ≫ Visual Studio .Net Version2003 SwEditionenterprise_architect
Microsoft ≫ Visual Studio .Net Version2003 Updategold
Microsoft ≫ Visual Studio .Net Versiongold SwEditionacademic
Microsoft ≫ Visual Studio .Net Versiongold SwEditionenterprise_architect
Microsoft ≫ Visual Studio .Net Versiongold SwEditionenterprise_developer
Microsoft ≫ Visual Studio .Net Versiongold SwEditionprofessional
Microsoft ≫ Visual Studio .Net Versiongold SwEditiontrial
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 63.67% | 0.991 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/17223
http://www.us-cert.gov/cas/techalerts/TA05-347A.html
http://www.kb.cert.org/vuls/id/959049
http://secunia.com/advisories/17172
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
http://isc.sans.org/diary.php?date=2005-08-18
http://secunia.com/advisories/16480
http://secunia.com/advisories/17509
http://securityreason.com/securityalert/72
http://securitytracker.com/id?1014727
http://www.kb.cert.org/vuls/id/740372
http://www.kb.cert.org/vuls/id/898241
http://www.microsoft.com/technet/security/advisory/906267.mspx
http://www.securityfocus.com/archive/1/470690/100/0/threaded
http://www.securityfocus.com/bid/14594
http://www.securityfocus.com/bid/15061
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
http://www.vupen.com/english/advisories/2005/1450
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-052
https://exchange.xforce.ibmcloud.com/vulnerabilities/21895
https://exchange.xforce.ibmcloud.com/vulnerabilities/34754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1454
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1468
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1535
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1538