CVE-2005-1790
Description
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
- (no CPE)range: <=6.0 SP2 6.0.2900.2180
Patches
Vulnerability mechanics
Root cause
"Internet Explorer mishandles a JavaScript call to the built-in `window()` function from a BODY onload event, causing a memory corruption crash."
Attack vector
An attacker hosts a web page containing a `
Affected code
The advisory does not specify exact source files or functions. The crash is triggered in MSHTML.DLL (version 6.00.2900.2627) when the browser processes a JavaScript call to the built-in `window()` function from a `BODY` `onload` event handler [ref_id=1].
What the fix does
No patch is shown in the bundle. The advisory notes that the bug was fixed in an earlier version of Internet Explorer but reappeared in version 6 SP2, and no updated fix is provided [ref_id=1]. The only suggested workaround is to disable Active Scripting in the browser's options menu [ref_id=1].
Preconditions
- configThe victim must use Microsoft Internet Explorer 6 (SP2 or earlier) with Active Scripting enabled.
- networkThe attacker must host or inject a web page that the victim visits.
- inputThe page must contain a BODY onload event that calls the JavaScript window() function.
Reproduction
Create an HTML file containing `
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
24- secunia.com/advisories/15368nvdVendor Advisory
- secunia.com/advisories/15546nvdVendor Advisory
- secunia.com/advisories/18064nvdVendor Advisory
- secunia.com/advisories/18311nvdVendor Advisory
- www.vupen.com/english/advisories/2005/2509nvdVendor Advisory
- www.vupen.com/english/advisories/2005/2867nvdVendor Advisory
- www.vupen.com/english/advisories/2005/2909nvdVendor Advisory
- www.kb.cert.org/vuls/id/887861nvdUS Government Resource
- www.us-cert.gov/cas/techalerts/TA05-347A.htmlnvdUS Government Resource
- marc.infonvd
- marc.infonvd
- securitytracker.com/idnvd
- support.avaya.com/elmodocs2/security/ASA-2005-234.pdfnvd
- www.computerterrorism.com/research/ie/ct21-11-2005nvd
- www.securityfocus.com/archive/1/417326/30/0/threadednvd
- www.securityfocus.com/bid/13799nvd
- www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jspnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1091nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1299nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1303nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1489nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1508nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A722nvd
News mentions
0No linked articles in our index yet.